California Governor Gavin Newsom signed a law giving the California Energy Commission the authority to require bidirectional charging in electric vehicles (EVs) in the future -- although no timeline is set. Bidirectional charging allows EVs to not only charge from the grid but also supply electricity back to the grid, potentially enhancing grid resiliency, supporting renewable energy, and reducing peak electricity demand. Electrek reports: The idea started in 2023 when state Senator Nancy Skinner introduced a bill which would require EVs to have bidirectional charging by 2027. As this bill made its way through the legislative process, it got watered down from that ambitious timeline. So the current form of the bill, which is now called SB 59, took away that timeline and instead gave the California Energy Commission (CEC) the go-ahead to issue a requirement whenever they see it fit. The bill directs the CEC, the California Air Resources Board, and the California Public Utilities Commission to examine the use cases of bidirectional charging and give them the power to require specific weight classes of EVs to be bidirectional-capable if a compelling use case exists.

The state already estimates that integrating EVs into the grid could save $1 billion in costs annually, so there's definitely a use case there, but the question is the cost and immediacy of building those vehicles into the grid. The reason this can't be done immediately is that cars take time to design, and while adding bidirectional charging to an EV isn't the most difficult process, it also only really becomes useful with a whole ecosystem of services around the vehicle.

And that ecosystem has been a bit of a hard sell so far. It's all well and good to tell someone they can make $500/year by selling energy to the grid, but then you have to convince them to buy a more expensive charging unit and keep their car plugged in all the time, with someone else managing its energy storage. Some consumers might push back against that, so part of CEC's job is to wait to pull the trigger until it becomes apparent that people are actually interested in the end-user use case for V2G -- otherwise, no sense in requiring a feature that nobody is going to use.

An anonymous reader quotes a report from Reuters: A federal judge dismissed a U.S. Department of Justice lawsuit accusing eBay of violating environmental laws by allowing the sale of hundreds of thousands of harmful products on its platform, including pesticides and devices to evade motor vehicle pollution controls. U.S. District Judge Orelia Merchant in Brooklyn ruled on Monday that Section 230 of the federal Communications Decency Act, which protects online platforms from liability over user content, shielded eBay from liability in the civil lawsuit.

The judge said eBay's administrative and technical support to sellers "does not materially contribute to the products' alleged unlawfulness" and does not make the San Jose, California, company a "publisher or speaker" on sellers' behalf. Merchant also said eBay was not a "seller" of some of the challenged products, because it did not physically possess them or hold title. She rejected the government's argument that eBay was a seller because it exchanged the products for money. The U.S. government argued eBay violated the Clean Air Act by allowing the sale of harmful products, including more than 343,000 aftermarket "defeat" devices that help vehicles generate more power and get better fuel economy by evading emissions controls. The company also was accused of allowing sales of 23,000 unregistered, misbranded or restricted-use pesticides, as well as distributing more than 5,600 paint and coating removal products that contained methylene chloride, a chemical linked to brain and liver cancer and non-Hodgkin lymphoma.

A Russian criminal gang secretly conducted cyberattacks and espionage operations against NATO allies on the orders of the Kremlin's intelligence services, according to the UK's National Crime Agency. From a report: Evil Corp., which includes a man who gained notoriety for driving a Lamborghini luxury sports car, launched the hacks prior to 2019, the NCA said in statement on Tuesday. The gang has been accused of using malicious software to extort millions of dollars from hundreds of banks and financial institutions in more than 40 countries. In December 2019, the US government sanctioned Evil and accused its alleged leader, Maksim Yakubets, of providing "direct assistance" to the Russian state, including by "acquiring confidential documents." The NCA's statement on Tuesday provides new detail on the work Yakubets and other members allegedly carried out to aid the Kremlin's geopolitical aims. The exact nature of the hacks against the North Atlantic Treaty Organization allies wasn't immediately clear.

The Energy Department said on Monday that it had finalized a $1.52 billion loan guarantee to help a company restart a shuttered nuclear plant in Michigan -- the latest sign of rising government support for nuclear power. From a report: Two rural electricity providers that planned to buy power from the reactor would also receive $1.3 billion in federal grants [Editor's note: the link is likely paywalled; alternative source] under a program approved by Congress to help rural communities tackle climate change. The moves will help Holtec International reopen the Palisades nuclear plant in Covert Township, Mich., which ceased operating in 2022. The company plans to inspect and refurbish the plant's reactor and seek regulatory approval to restart the plant by October 2025.

After years of stagnation, America's nuclear industry is seeing a resurgence of interest. Both Congress and the Biden administration have offered billions of dollars in subsidies to prevent older nuclear plants from closing and to build new reactors. Despite concerns about high costs and hazardous waste, nuclear plants can generate electricity at all hours without emitting the greenhouse gases that are heating the planet. David Turk, the deputy secretary of energy, said he expected U.S. electricity demand would grow by 15 percent over the next few years, driven by an increase in electric vehicles, a boom in battery and solar factories as well as a surge of new data centers for artificial intelligence. That meant the nation needs new low-carbon sources of power that could run 24/7 and complement wind and solar plants.

"California Governor Gavin Newsom has vetoed SB 1047, a high-profile bill that would have regulated the development of AI," reports TechCrunch. The bill "would have made companies that develop AI models liable for implementing safety protocols to prevent 'critical harms'." The rules would only have applied to models that cost at least $100 million and use 10^26 FLOPS (floating point operations, a measure of computation) during training.

SB 1047 was opposed by many in Silicon Valley, including companies like OpenAI, high-profile technologists like Meta's chief AI scientist Yann LeCun, and even Democratic politicians such as U.S. Congressman Ro Khanna. That said, the bill had also been amended based on suggestions by AI company Anthropic and other opponents.

In a statement about today's veto, Newsom said, "While well-intentioned, SB 1047 does not take into account whether an AI system is deployed in high-risk environments, involves critical decision-making or the use of sensitive data. Instead, the.." bill applies stringent standards to even the most basic functions — so long as a large system deploys it. I do not believe this is the best approach to protecting the public from real threats posed by the technology."
"Over the past 30 days, Governor Newsom signed 17 bills covering the deployment and regulation of GenAI technology..." according to a statement from the governor's office, "cracking down on deepfakes, requiring AI watermarking, protecting children and workers, and combating AI-generated misinformation... The Newsom Administration will also immediately engage academia to convene labor stakeholders and the private sector to explore approaches to use GenAI technology in the workplace."

In a separate statement the governor pointed out California " is home to 32 of the world's 50 leading Al companies," and warned that the bill "could give the public a false sense of security about controlling this fast-moving technology. Smaller, specialized models may emerge as equally or even more dangerous than the models targeted by SB 1047 — at the potential expense of curtailing the very innovation that fuels advancement in favor of the public good..."

"While well-intentioned, SB 1047 does not take into account whether an AI system is deployed in high-risk environments, involves critical decision-making or the use of sensitive data. Instead, the bill applies stringent standards to even the most basic functions — so long as a large system deploys it.

"I do not believe this is the best approach to protecting the public from real threats posed by the technology."

Interestingly, the Los Angeles Times reported that the vetoed bill had been supported by Mark Hamill, J.J. Abrams, and "more than 125 Hollywood actors, directors, producers, music artists and entertainment industry leaders" who signed a letter of support. (And that bill also cited the support of "over a hundred current and former employees of OpenAI, Google DeepMind, Anthropic, Meta, and xAI..."

The United Nations is set to vote on a treaty later this year intended to create norms for fighting cybercrime -- and the Biden administration is fretting over whether to sign on. Politico: The uncertainty over the treaty stems from fears that countries including Russia, Iran and China could use the text as a guise for U.N. approval of their widespread surveillance measures and suppression of the digital rights of their citizens. If the United States chooses not to vote in favor of the treaty, it could become easier for these adversarial nations -- named by the Cybersecurity and Infrastructure Security Agency as the biggest state sponsors of cybercrime -- to take the lead on cyber issues in the future. And if the U.S. walks away from the negotiating table now, it could upset other nations that spent several years trying to nail down the global treaty with competing interests in mind.

While the treaty is not set for a vote during the U.N. General Assembly this week, it's a key topic of debate on the sidelines, following meetings in New York City last week, and committee meetings set for next month once the world's leaders depart. The treaty was troubled from its inception. A cybercrime convention was originally proposed by Russia, and the U.N. voted in late 2019 to start the process to draft it -- overruling objections by the U.S. and other Western nations. Those countries were worried Russia would use the agreement as an alternative to the Budapest Convention -- an existing accord on cybercrime administered by the Council of Europe, which Russia, China and Iran have not joined.

The Justice Department unsealed criminal charges Friday against three Iranian operatives suspected of hacking Donald Trump's presidential campaign and disseminating stolen information to media organizations. From a report: The three accused hackers were employed by Iran's paramilitary Revolutionary Guard and their operation also targeted a broad swath of targets, including government officials, members of the media and non-governmental organizations, the Justice Department said.

The Trump campaign disclosed on Aug. 10 that it had been hacked and said Iranian actors had stolen and distributed sensitive internal documents. Multiple major news organizations that said they were leaked confidential information from inside the Trump campaign, including Politico, The New York Times and The Washington Post, declined to publish it.

Ars Technica's Dan Goodin reports: Last week, NIST released its second public draft of SP 800-63-4, the latest version of its Digital Identity Guidelines. At roughly 35,000 words and filled with jargon and bureaucratic terms, the document is nearly impossible to read all the way through and just as hard to understand fully. It sets both the technical requirements and recommended best practices for determining the validity of methods used to authenticate digital identities online. Organizations that interact with the federal government online are required to be in compliance. A section devoted to passwords injects a large helping of badly needed common sense practices that challenge common policies. An example: The new rules bar the requirement that end users periodically change their passwords. This requirement came into being decades ago when password security was poorly understood, and it was common for people to choose common names, dictionary words, and other secrets that were easily guessed.

Since then, most services require the use of stronger passwords made up of randomly generated characters or phrases. When passwords are chosen properly, the requirement to periodically change them, typically every one to three months, can actually diminish security because the added burden incentivizes weaker passwords that are easier for people to set and remember. Another requirement that often does more harm than good is the required use of certain characters, such as at least one number, one special character, and one upper- and lowercase letter. When passwords are sufficiently long and random, there's no benefit from requiring or restricting the use of certain characters. And again, rules governing composition can actually lead to people choosing weaker passcodes.

The latest NIST guidelines now state that:
- Verifiers and CSPs SHALL NOT impose other composition rules (e.g., requiring mixtures of different character types) for passwords and
- Verifiers and CSPs SHALL NOT require users to change passwords periodically. However, verifiers SHALL force a change if there is evidence of compromise of the authenticator. ("Verifiers" is bureaucrat speak for the entity that verifies an account holder's identity by corroborating the holder's authentication credentials. Short for credential service provider, "CSPs" are a trusted entity that assigns or registers authenticators to the account holder.) In previous versions of the guidelines, some of the rules used the words "should not," which means the practice is not recommended as a best practice. "Shall not," by contrast, means the practice must be barred for an organization to be in compliance. Several other common sense practices mentioned in the document include: 1. Verifiers and CSPs SHALL require passwords to be a minimum of eight characters in length and SHOULD require passwords to be a minimum of 15 characters in length.
2. Verifiers and CSPs SHOULD permit a maximum password length of at least 64 characters.
3. Verifiers and CSPs SHOULD accept all printing ASCII [RFC20] characters and the space character in passwords.
4. Verifiers and CSPs SHOULD accept Unicode [ISO/ISC 10646] characters in passwords. Each Unicode code point SHALL be counted as a single character when evaluating password length.
5. Verifiers and CSPs SHALL NOT impose other composition rules (e.g., requiring mixtures of different character types) for passwords.
6. Verifiers and CSPs SHALL NOT require users to change passwords periodically. However, verifiers SHALL force a change if there is evidence of compromise of the authenticator.
7. Verifiers and CSPs SHALL NOT permit the subscriber to store a hint that is accessible to an unauthenticated claimant.
8. Verifiers and CSPs SHALL NOT prompt subscribers to use knowledge-based authentication (KBA) (e.g., "What was the name of your first pet?") or security questions when choosing passwords.
9. Verifiers SHALL verify the entire submitted password (i.e., not truncate it).

"Dozens of Fortune 100 organizations" have unknowingly hired North Korean IT workers using fake identities, generating revenue for the North Korean government while potentially compromising tech firms, according to Google's Mandiant unit. "In a report published Monday [...], researchers describe a common scheme orchestrated by the group it tracks as UNC5267, which has been active since 2018," reports The Record. "In most cases, the IT workers 'consist of individuals sent by the North Korean government to live primarily in China and Russia, with smaller numbers in Africa and Southeast Asia.'" From the report: The remote workers "often gain elevated access to modify code and administer network systems," Mandiant found, warning of the downstream effects of allowing malicious actors into a company's inner sanctum. [...] Using stolen identities or fictitious ones, the actors are generally hired as remote contractors. Mandiant has seen the workers hired in a variety of complex roles across several sectors. Some workers are employed at multiple companies, bringing in several salaries each month. The tactic is facilitated by someone based in the U.S. who runs a laptop farm where workers' laptops are sent. Remote technology is installed on the laptops, allowing the North Koreans to log in and conduct their work from China or Russia.

Workers typically asked for their work laptops to be sent to different addresses than those listed on their resumes, raising the suspicions of companies. Mandiant said it found evidence that the laptops at these farms are connected to a "keyboard video mouse" device or multiple remote management tools including LogMeIn, GoToMeeting, Chrome Remote Desktop, AnyDesk, TeamViewer and others. "Feedback from team members and managers who spoke with Mandiant during investigations consistently highlighted behavior patterns, such as reluctance to engage in video communication and below-average work quality exhibited by the DPRK IT worker remotely operating the laptops," Mandiant reported.

In several incident response engagements, Mandiant found the workers used the same resumes that had links to fabricated software engineer profiles hosted on Netlify, a platform often used for quickly creating and deploying websites. Many of the resumes and profiles included poor English and other clues indicating the actor was not based in the U.S. One characteristic repeatedly seen was the use of U.S-based addresses accompanied by education credentials from universities outside of North America, frequently in countries such as Singapore, Japan or Hong Kong. Companies, according to Mandiant, typically don't verify credentials from universities overseas. Further reading: How Not To Hire a North Korean IT Spy

According to the Wall Street Journal, the U.S. Department of Justice is investigating Super Micro Computer after short-seller Hindenburg Research alleged "accounting manipulation" at the AI server maker. Super Micro's shares fell about 12% following the report. Reuters reports: The WSJ report, which cited people familiar with the matter, said the probe was at an early stage and that a prosecutor at a U.S. attorney's office recently contacted people who may be holding relevant information. The prosecutor has asked for information that appeared to be connected to a former employee who accused the company of accounting violations, the report added.

Super Micro had late last month delayed filing its annual report, citing a need to assess "its internal controls over financial reporting," a day after Hindenburg disclosed a short position and made claims of "accounting manipulation." The short-seller had cited a three-month investigation that included interviews with former senior employees of Super Micro and litigation records. Hindenburg's allegations included evidence of undisclosed related-party transactions, failure to abide by export controls, among other issues. The company had denied Hindenburg's claims.

Cybersecurity firm Kaspersky has defended its decision to automatically replace its antivirus software on U.S. customers' computers with UltraAV, a product from American company Pango, without explicit user consent. The forced switch, affecting nearly one million users, occurred as a result of a U.S. government ban on Kaspersky software.

Kaspersky spokesperson Francesco Tius told TechCrunch that the company informed eligible U.S. customers via email about the migration, which began in early September. Windows users experienced an automatic transition to ensure continuous protection, while Mac and mobile users were instructed to manually install UltraAV. Some customers expressed alarm at the unannounced software swap. Kaspersky blamed missed notifications on unregistered email addresses, directing users to in-app messages and an online FAQ. The abrupt change raises concerns about user autonomy and privacy in software updates, particularly as UltraAV lacks an established security track record.

An anonymous reader quotes a report from Bloomberg: OpenAI has pitched the Biden administration on the need for massive data centers that could each use as much power as entire cities, framing the unprecedented expansion as necessary to develop more advanced artificial intelligence models and compete with China. Following a recent meeting at the White House, which was attended by OpenAI Chief Executive Officer Sam Altman and other tech leaders, the startup shared a document with government officials outlining the economic and national security benefits of building 5-gigawatt data centers in various US states, based on an analysis the company engaged with outside experts on. To put that in context, 5 gigawatts is roughly the equivalent of five nuclear reactors, or enough to power almost 3 million homes. OpenAI said investing in these facilities would result in tens of thousands of new jobs, boost the gross domestic product and ensure the US can maintain its lead in AI development, according to the document, which was viewed by Bloomberg News. To achieve that, however, the US needs policies that support greater data center capacity, the document said. "Whatever we're talking about is not only something that's never been done, but I don't believe it's feasible as an engineer, as somebody who grew up in this," said Joe Dominguez, CEO of Constellation Energy Corp. "It's certainly not possible under a timeframe that's going to address national security and timing."

Hackers linked to the Chinese government have broken into a handful of U.S. internet-service providers in recent months in pursuit of sensitive information, WSJ reported Wednesday, citing people familiar with the matter. From the report: The hacking campaign, called Salt Typhoon by investigators, hasn't previously been publicly disclosed and is the latest in a series of incursions that U.S. investigators have linked to China in recent years. The intrusion is a sign of the stealthy success Beijing's massive digital army of cyberspies has had breaking into valuable computer networks in the U.S. and around the globe.

In Salt Typhoon, the actors linked to China burrowed into America's broadband networks. In this type of intrusion, bad actors aim to establish a foothold within the infrastructure of cable and broadband providers that would allow them to access data stored by telecommunications companies or launch a damaging cyberattack. Last week, U.S. officials said they had disrupted a network of more than 200,000 routers, cameras and other internet-connected consumer devices that served as an entry point into U.S. networks for a China-based hacking group called Flax Typhoon. And in January, federal officials disrupted Volt Typhoon, yet another China-linked campaign that has sought to quietly infiltrate a swath of U.S. critical infrastructure.

"The cyber threat posed by the Chinese government is massive," said Christopher Wray, the Federal Bureau of Investigation's director, speaking earlier this year at a security conference in Germany. "China's hacking program is larger than that of every other major nation, combined." U.S. security officials allege that Beijing has tried and at times succeeded in burrowing deep into U.S. critical infrastructure networks ranging from water-treatment systems to airports and oil and gas pipelines. Top Biden administration officials have issued public warnings over the past year that China's actions could threaten American lives and are intended to cause societal panic. The hackers could also disrupt the U.S.'s ability to mobilize support for Taiwan in the event that Chinese leader Xi Jinping orders his military to invade the island.

The FAA's air traffic control systems are significantly out of date and won't be updated until the 2030s, according to a report from the U.S. Government Accountability Office (GAO). The Register reports: In a report released Monday, the GAO said that 51 of the FAA's 138 ATC systems -- more than a third -- were unsustainable due to a lack of parts, shortfalls in funding to sustain them, or a lack of technology refresh funding to replace them. A further 54 systems were described as "potentially unsustainable" for similar reasons, with the added caveat that tech refresh funding was available to them. "FAA has 64 ongoing investments aimed at modernizing 90 of the 105 unsustainable and potentially unsustainable systems," the GAO said in its report. "However, the agency has been slow to modernize the most critical and at-risk systems."

The report said the seemingly perilous status of 17 systems was "especially concerning" as these are deemed to have critical operational impact at the same time as being unsustainable and having extended completion dates -- the first of them won't be modernized until 2030 at the earliest. Others aren't planned to be complete until 2035, and four of the 17 "most critical and at-risk FAA ATC systems" have no modernization plans at all. Of the systems on the list, two are more than 40 years old, and a further seven have been in service for more than 30 years.

Caroline Ellison, the former CEO of Alameda Research, must serve 24 months in prison and forfeit $11 billion. "I've seen a lot of cooperators in 30 years. I've never seen one quite like Ms. Ellison," said Judge Lewis Kaplan during the sentencing hearing today. The Verge reports: Ellison pleaded guilty to two counts of wire fraud and five conspiracy counts in December 2022 as part of a cooperation agreement with the government. Prosecutors had recommended a lenient sentence because of Ellison's "extraordinary" and "very timely" cooperation. Her own lawyers asked for no jail time, as did the federal Probation Department.

Ellison was the key witness at the trial of FTX cofounder Sam Bankman-Fried, where she testified for three days. A statement submitted by the prosecution before Ellison's sentencing said the speed at which she came clean made it possible to indict her ex-boyfriend Bankman-Fried quickly, "ensuring that he did not flee the Bahamas or further obstruct the government's investigation." The document also noted that Ellison was completely and immediately forthcoming in her meetings with the government.

Ellison was also prompt in assisting John J. Ray, the new CEO charged with cleaning up the FTX mess, in locating and recovering customer assets, according to a statement written by Ray submitted by the defense. Her "early cooperation" was "valuable" in recovering debtors' assets, he wrote. Ellison is working on a deal where she will turn over "substantially all of her remaining assets after satisfying her forfeiture obligations" to the FTX debtors.

An anonymous reader quotes a report from Ars Technica: California Gov. Gavin Newsom vetoed a bill that would have required makers of web browsers and mobile operating systems to let consumers send opt-out preference signals that could limit businesses' use of personal information. The bill approved by the State Legislature last month would have required an opt-out signal "that communicates the consumer's choice to opt out of the sale and sharing of the consumer's personal information or to limit the use of the consumer's sensitive personal information." It would have made it illegal for a business to offer a web browser or mobile operating system without a setting that lets consumers "send an opt-out preference signal to businesses with which the consumer interacts."

In a veto message (PDF) sent to the Legislature Friday, Newsom said he would not sign the bill. Newsom wrote that he shares the "desire to enhance consumer privacy," noting that he previously signed a bill "requir[ing] the California Privacy Protection Agency to establish an accessible deletion mechanism allowing consumers to request that data brokers delete all of their personal information." But Newsom said he is opposed to the new bill's mandate on operating systems. "I am concerned, however, about placing a mandate on operating system (OS) developers at this time," the governor wrote. "No major mobile OS incorporates an option for an opt-out signal. By contrast, most Internet browsers either include such an option or, if users choose, they can download a plug-in with the same functionality. To ensure the ongoing usability of mobile devices, it's best if design questions are first addressed by developers, rather than by regulators. For this reason, I cannot sign this bill." Vetoes can be overridden with a two-thirds vote in each chamber. The bill was approved 59-12 in the Assembly and 31-7 in the Senate. But the State Legislature hasn't overridden a veto in decades. "It's troubling the power that companies such as Google appear to have over the governor's office," said Justin Kloczko, tech and privacy advocate for Consumer Watchdog, a nonprofit group in California. "What the governor didn't mention is that Google Chrome, Apple Safari and Microsoft Edge don't offer a global opt-out and they make up for nearly 90 percent of the browser market share. That's what matters. And people don't want to install plug-ins. Safari, which is the default browsers on iPhones, doesn't even accept a plug-in."

The Department of Justice has filed an antitrust lawsuit against Visa, alleging that the financial services firm has an illegal monopoly over debit network markets and has attempted to unlawfully crush competitors, including fintech companies like PayPal and Square. From a report: The lawsuit follows a multiyear investigation of Visa which the company disclosed in 2021. "We allege that Visa has unlawfully amassed the power to extract fees that far exceed what it could charge in a competitive market," Attorney General Merrick Garland said in a statement. "Merchants and banks pass along those costs to consumers, either by raising prices or reducing quality or service. As a result, Visa's unlawful conduct affects not just the price of one thing -- but the price of nearly everything."

Visa makes more than $7 billion a year in payment processing fees alone, and more than 60 percent of debit transactions in the United States run on Visa's network, the complaint claims. The government alleges that Visa's market dominance is partly due to the "web of exclusionary agreements" it imposes on businesses and banks. Visa has also attempted to "smother" competitors -- including smaller debit networks and newer fintech companies -- the complaint alleges. Visa executives allegedly feel particularly threatened by Apple, which the company has described as an "existential threat," the DOJ claims.

An anonymous reader quotes a report from the New York Times: Paper or paper? In California, shoppers will have only one bag option at the checkout line starting in 2026. A decade ago, California became the first U.S. state to ban single-use plastic bags, the flimsy sacks that regularly blew into waterways, littered streets and collected in landfills. The prohibition, in the nation's most populous state, was considered a turning point in the effort to reduce plastic waste. But the move backfired in a way that few supporters expected. Californians in 2021 actually tossed nearly 50 percent more plastic bags, by weight, than when the law first passed in 2014, according to data from CalRecycle, California's recycling agency. A loophole in the initial ban allowed retailers to provide thick-walled plastic bags and charge 10 cents a piece for them. Though technically reusable and recyclable, the heavier-duty sacks still ended up in many trash cans after a shopping trip.

Gov. Gavin Newsom signed legislation on Sunday banning the sale at grocery checkouts of all plastic bags (Warning: source may be paywalled; alternative source), regardless of thickness. The only option for customers who lack their own reusable shopping bags will be buying paper bags for 10 cents each. "We deserve a cleaner future for our communities, our children and our earth," said Rebecca Bauer-Kahan, a Democratic assemblywoman and co-author of the bill, in a statement. "It's time for us to get rid of these plastic bags and continue to move forward with a more pollution-free environment." Plastic bags are typically used for 12 minutes before being discarded, according to the California Public Interest Research Group, a consumer advocacy group. But those bags live in oceans and landfills for hundreds of years, and can contaminate drinking water and food in the form of microplastics. SB 1053 will go into effect on January 1st, 2026. It also changes the definition of a "recycled paper bag," requiring all bags with that label to be made of at least 50% post-consumer recycled materials starting January 1st, 2028.

Customers of Kaspersky antivirus in the United States found out in the last few days that their cybersecurity software was automatically replaced with a new one called UltraAV, according to several customers. And while Kaspersky said earlier this month that its U.S. customers would be transitioned to UltraAV, many of its customers said they had no idea this was going to happen and that it would automatically be forced upon them. From a report: "Woke up to Kasperky [sic] completely gone from my system with Ultra AV and Ultra VPN freshly installed (not by me, just automatically while I slept)," a user on Reddit wrote. Others reported having the same experience in the same Reddit thread, as well as in other threads. A reseller, who until recently sold Kaspersky products prior to the recent sales ban, told TechCrunch that he was left "annoyed" by the move to automatically remove Kaspersky software and replace it with an entirely different antivirus. A former senior U.S. government cybersecurity official said that this was an example of the "huge risk" posed by the access granted by Kaspersky software. It's worth noting that, on the other hand, other customers did report receiving an email from Kaspersky about the transition to UltraAV.

The government of Bhutan is currently holding over $828 million in bitcoin, according to onchain data by Arkham Intelligence. From a report: "Unlike most governments, Bhutan's BTC does not come from law enforcement asset seizures, but from bitcoin mining operations, which have ramped up dramatically since early 2023," the crypto intelligence firm explained. Crypto intelligence firm Arkham highlighted the Kingdom of Bhutan's bitcoin holdings on social media platform X last week. Bhutan is a small, landlocked kingdom located in the eastern Himalayas, bordered by China to the north and India to the south. The country currently has a population of less than 800,000 people. We learned last year that Bhutan had been secretly mining bitcoin using its abundant hydroelectric resources since around 2019. The operation, which began when bitcoin was priced at approximately $5,000, aims to harness the country's vast renewable energy reserves to power mining rigs.

Hydroelectricity already accounts for 30% of Bhutan's GDP and powers nearly all of its 800,000 residents. The government claimed last year that mining profits are used to subsidize power and hardware costs. This revelation makes Bhutan one of the few countries globally to run a state-owned bitcoin mine, alongside El Salvador.

At over $800 million in Bitcoin holdings, the reserve accounts for nearly a third of Bhutan's 2022-calculated GDP.