Stockholm Exergi Lands World’s Largest Permanent Carbon Removal Deal With Microsoft

Swedish energy company Stockholm Exergi and Microsoft have announced a 10-year deal that will provide the tech giant with more than 3.3 million tons of carbon removal certificates through bioenergy with carbon capture and storage. While the value of the deal was not disclosed, it stands as the largest of its kind globally. Carbon Herald reports: Scheduled to commence in 2028 and span a decade, the agreement underscores a pivotal moment in combatting climate change. Anders Egelrud, CEO of Stockholm Exergi, lauded the deal as a “huge step” for the company and its BECCS project, emphasizing its profound implications for climate action. “I believe the agreement will inspire corporations with ambitious climate objectives, and we target to announce more deals with other pioneering companies over the coming months,” he said. Recognizing the imperative of permanent carbon removals in limiting global warming to 1.5C or below, the deal aligns with Microsoft’s ambitious goal of becoming carbon negative by 2030.

“Leveraging existing biomass power plants is a crucial first step to building worldwide carbon removal capacity,” Brian Marrs, Microsoft’s Senior Director of Energy & Carbon Removal, said, highlighting the importance of sustainable biomass sourcing for BECCS projects, as is the case with Stockholm Exergi. The partners will adhere to stringent quality standards, ensuring transparent reporting and adherence to sustainability criteria. The BECCS facility, once operational, will remove up to 800,000 tons of carbon dioxide (CO2) annually, contributing significantly to atmospheric carbon reduction. With environmental permits secured and construction set to commence in 2025, Stockholm Exergi plans to reach the final investment decision by the end of the year.

Read more of this story at Slashdot.

Google Fit Dev APIs Shutdown Set, Fate of Android and Wear OS Apps Go Unannounced

Abner Li reports via 9to5Google: Since the launch of Health Connect in 2022, Google has been winding down the Google Fit developer APIs. Earlier this week, the company fully detailed how the “Google Fit APIs have been deprecated and will be supported until June 30, 2025.” Fitness and exercise apps that previously used Google Fit have until the June 2025 deadline to switch to Health Connect, with Google broadly referring to it as the “Android Health platform.”

Google’s migration guide for developers lists what they’re supposed to switch to on Android phones and Wear OS. However, there is no replacement for the Goals API that lets Google Fit users set “how many steps and heart points they want to aim for each day.” Google says it will “share more details about what’s next for Android Health” at I/O later this month.

As of this API shutdown announcement, Google has said nothing about the Google Fit apps on Android, Wear OS, and iOS. They still work to track activity and house your full archive. […] At this point, it’s clear that Google Fit is not the future. On the Pixel Watch, Fitbit is the default, while Samsung and other Wear OS manufacturers have their own health tracking solutions. If Google were to announce a deprecation of the Fit app, having it coincide with the June 2025 developer deadline makes sense.

Read more of this story at Slashdot.

Novel Attack Against Virtually All VPN Apps Neuters Their Entire Purpose

Researchers have discovered a new attack that can force VPN applications to route traffic outside the encrypted tunnel, thereby exposing the user’s traffic to potential snooping or manipulation. This vulnerability, named TunnelVision, is found in almost all VPNs on non-Linux and non-Android systems. It’s believe that the vulnerability “may have been possible since 2002 and may already have been discovered and used in the wild since then,” reports Ars Technica. From the report: The effect of TunnelVision is “the victim’s traffic is now decloaked and being routed through the attacker directly,” a video demonstration explained. “The attacker can read, drop or modify the leaked traffic and the victim maintains their connection to both the VPN and the Internet.” The attack works by manipulating the DHCP server that allocates IP addresses to devices trying to connect to the local network. A setting known as option 121 allows the DHCP server to override default routing rules that send VPN traffic through a local IP address that initiates the encrypted tunnel. By using option 121 to route VPN traffic through the DHCP server, the attack diverts the data to the DHCP server itself. […]

The attack can most effectively be carried out by a person who has administrative control over the network the target is connecting to. In that scenario, the attacker configures the DHCP server to use option 121. It’s also possible for people who can connect to the network as an unprivileged user to perform the attack by setting up their own rogue DHCP server. The attack allows some or all traffic to be routed through the unencrypted tunnel. In either case, the VPN application will report that all data is being sent through the protected connection. Any traffic that’s diverted away from this tunnel will not be encrypted by the VPN and the Internet IP address viewable by the remote user will belong to the network the VPN user is connected to, rather than one designated by the VPN app.

Interestingly, Android is the only operating system that fully immunizes VPN apps from the attack because it doesn’t implement option 121. For all other OSes, there are no complete fixes. When apps run on Linux there’s a setting that minimizes the effects, but even then TunnelVision can be used to exploit a side channel that can be used to de-anonymize destination traffic and perform targeted denial-of-service attacks. Network firewalls can also be configured to deny inbound and outbound traffic to and from the physical interface. This remedy is problematic for two reasons: (1) a VPN user connecting to an untrusted network has no ability to control the firewall and (2) it opens the same side channel present with the Linux mitigation. The most effective fixes are to run the VPN inside of a virtual machine whose network adapter isn’t in bridged mode or to connect the VPN to the Internet through the Wi-Fi network of a cellular device. You can learn more about the research here.

Read more of this story at Slashdot.

Microsoft’s ‘Responsible AI’ Chief Worries About the Open Web

From the Washington Post’s “Technology 202” newsletter:

As tech giants move toward a world in which chatbots supplement, and perhaps supplant, search engines, the Microsoft executive assigned to make sure AI is used responsibly said the industry has to be careful not to break the business model of the wider web. Search engines citing and linking to the websites they draw from is “part of the core bargain of search,” [Microsoft’s chief Responsible AI officer] said in an interview Monday….

“It’s really important to maintain a healthy information ecosystem and recognize it is an ecosystem. And so part of what I will continue to guide our Microsoft teams toward is making sure that we are citing back to the core webpages from which the content is sourced. Making sure that we’ve got that feedback loop happening. Because that is part of the core bargain of search, right? And I think it’s critical to make sure that we are both providing users with new engaging ways to interact, to explore new ideas — but also making sure that we are building and supporting the great work of our creators.”

Asked about lawsuits alleging copyright use without permission, they said “We believe that there are strong grounds under existing laws to train models.”

But they also added those lawsuits are “asking legitimate questions” about where the boundaries are, “for which the courts will provide answers in due course.”

Read more of this story at Slashdot.

Scientists Find a ‘Missing Link’ Between Poor Diet and Higher Cancer Risk

Science Alert reports that a team of researchers found “that changes in glucose metabolism could help cancer grow by temporarily disabling a gene that protects us from tumors called BRCA2.”

The team first examined people who inherited one faulty copy of BRCA2. They found that cells from these people were more sensitive to methylglyoxal (MGO), which is produced when cells break down glucose for energy in the process of glycolysis. Glycolysis generates over 90 percent of the MGO in cells, which a pair of enzymes typically keep to minimal levels. In the event they can’t keep up, high MGO levels can lead to the formation of harmful compounds that damage DNA and proteins. In conditions like diabetes, where MGO levels are elevated due to high blood sugar, these harmful compounds contribute to disease complications.

The researchers discovered that MGO can temporarily disable the tumor-suppressing functions of the BRCA2 protein, resulting in mutations linked to cancer development…

As the BRCA2 allele isn’t permanently inactivated, functional forms of the protein it produces can later return to normal levels. But cells repeatedly exposed to MGO may continue to accumulate cancer-causing mutations whenever existing BRCA2 protein production fails. Overall, this suggests that changes in glucose metabolism can disrupt BRCA2 function via MGO, contributing to the development and progression of cancer…

This new information may lead to strategies for cancer prevention or early detection. “Methylglyoxal can be easily detected by a blood test for HbA1C, which could potentially be used as a marker,” Venkitaraman says. “Furthermore, high methylglyoxal levels can usually be controlled with medicines and a good diet, creating avenues for proactive measures against the initiation of cancer.”

Their research has been published in Cell.

Read more of this story at Slashdot.

Can Technology Help Reduce Drunk-Driving Deaths?

An anonymous reader shared this report from the Wall Street Journal:
Drunken-driving deaths in the U.S. have risen to levels not seen in nearly two decades, federal data show, a major setback to long-running road-safety efforts. At the same time, arrests for driving under the influence have plummeted, as police grapple with challenges like hiring woes and heightened concern around traffic stops… About 13,500 people died in alcohol impairment-related crashes in 2022, according to data released in April by the National Highway Traffic Safety Administration. That is 33% above 2019’s toll and on par with 2021’s. The last time so many people died as a result of accidents involving intoxicated drivers was in 2006.
That’s still down from the early 1980s, when America was seeing over 20,000 drunk-driving deaths a year, according to the article. “By 2010, that number had fallen to around 10,000 thanks to high-profile public-education campaigns by groups like MADD, tougher laws, and aggressive enforcement that included sobriety checkpoints and typically yielded well over a million DUI arrests annually.”
But some hope to solve the problem using technology:
Many activists and policymakers are banking on the promise of built-in devices to prevent a car from starting if the driver is intoxicated, either by analyzing a driver’s exhaled breath or using skin sensors to gauge the blood-alcohol level. NHTSA issued a notice in December that it said lays the groundwork for potential alcohol-impairment detection technology standards in all new cars “when the technology is mature.”
And Glenn Davis, who manages Colorado’s highway-safety office, “pointed to Colorado’s extensive use of ignition interlock systems that require people convicted of DUI to blow into a tube to verify they are sober in order for their car to start. He said the office promotes nondriving options such as Lyft and Uber.”

Read more of this story at Slashdot.

AI-Powered ‘HorseGPT’ Fails to Predict This Year’s Kentucky Derby Winner

In 2016, an online “swarm intelligence” platform generated a correct prediction for the Kentucky Derby — naming all four top finishers, in order. (But the next year their predictions weren’t even close, with TechRepublic suggesting 2016’s race had an unusual cluster of just a few top racehorses.)

So this year Decrypt.co tried crafting their own system “that can be called up when the next Kentucky Derby draws near.
There are a variety of ways to enlist artificial intelligence in horse racing. You could process reams of data based on your own methodology, trust a third-party pre-trained model, or even build a bespoke solution from the ground up. We decided to build a GPT we named HorseGPT to crunch the numbers and make the picks for us…

We carefully curated prompts to instill HorseGPT with expertise in data science specific to horse racing: how weather affects times, the role of jockeys and riding styles, the importance of post positions, and so on. We then fed it a mix of research papers and blogs covering the theoretical aspects of wagering, and layered on practical knowledge: how to read racing forms, what the statistics mean, which factors are most predictive, expert betting strategies, and more. Finally, we gave HorseGPT a wealth of historical Kentucky Derby data, arming it with the raw information needed to put its freshly imparted skills to use.
We unleashed HorseGPT on official racing forms for this year’s Derby. We asked HorseGPT to carefully analyze each race’s form, identify the top contenders, and recommend wager types and strategies based on deep background knowledge derived from race statistics.

HorseGPT picked two horses to win — both of which failed to do so. (Sierra Leone did finish second — in a rare photo finish. But Fierceness finished… 15th.) It also recommended the same two horses if you were trying to pick the top two finishers in the correct order — a losing bet, since, again, Fierceness finished 15th.

But even worse, HorseGPT recommended betting on Just a Touch to finish in either first or second place. When the race was over, that horse finished dead last. (And when asked to pick the top three finishers in correct order, HorseGPT stuck with its choices for the top two — which finished #2 and #15 — and, again, Just a Touch, who came in last.)

When Google Gemini was asked to pick the winner by The Athletic, it first chose Catching Freedom (who finished 4th). But it then gave an entirely different answer when asked to predict the winner “with an Italian accent.”

“The winner of the Kentucky Derby will be… Just a Touch! Si, that’s-a right, the underdog! There will be much-a celebrating in the piazzas, thatta-a I guarantee!”

Again, Just a Touch came in last.

Decrypt noticed the same thing. “Interestingly enough, our HorseGPT AI agent and the other out-of-the-box chatbots seemed to agree with each other,” the site notes, “and with many experts analysts cited by the official Kentucky Derby website.”

But there was one glimmer of insight into the 20-horse race. When asked to choose the top four finishers in order, HorseGPT repeated those same losing picks — which finished #2, #15, and #20. But then it added two more underdogs for fourth place finishers, “based on their potential to outperform expectations under muddy conditions.”
One of those two horses — Domestic Product — finished in 13th place.

But the other of the two horses was Mystik Dan — who came in first.

Mystik Dan appeared in only one of the six “Top 10 Finishers” lists (created by humans) at the official Kentucky Derby site… in the #10 position.

Read more of this story at Slashdot.

Humans Now Share the Web Equally With Bots, Report Warns

An anonymous reader quotes a report from The Independent, published last month: Humans now share the web equally with bots, according to a major new report — as some fear that the internet is dying. In recent months, the so-called “dead internet theory” has gained new popularity. It suggests that much of the content online is in fact automatically generated, and that the number of humans on the web is dwindling in comparison with bot accounts. Now a new report from cyber security company Imperva suggests that it is increasingly becoming true. Nearly half, 49.6 per cent, of all internet traffic came from bots last year, its “Bad Bot Report” indicates. That is up 2 percent in comparison with last year, and is the highest number ever seen since the report began in 2013. In some countries, the picture is worse. In Ireland, 71 per cent of internet traffic is automated, it said.

Some of that rise is the result of the adoption of generative artificial intelligence and large language models. Companies that build those systems use bots scrape the internet and gather data that can then be used to train them. Some of those bots are becoming increasingly sophisticated, Imperva warned. More and more of them come from residential internet connections, which makes them look more legitimate. “Automated bots will soon surpass the proportion of internet traffic coming from humans, changing the way that organizations approach building and protecting their websites and applications,” said Nanhi Singh, general manager for application security at Imperva. “As more AI-enabled tools are introduced, bots will become omnipresent.”

Read more of this story at Slashdot.