Security

Fintech Firm Betterment Confirms Data Breach After Hackers Send Fake $10,000 Crypto Scam Messages (theverge.com) 3

An anonymous reader quotes a report from The Verge: Betterment, a financial app, sent a sketchy-looking notification on Friday asking users to send $10,000 to Bitcoin and Ethereum crypto wallets and promising to "triple your crypto," according to a thread on Reddit. The Betterment account says in an X thread that this was an "unauthorized message" that was sent via a "third-party system." TechCrunch has since confirmed that an undisclosed number of Betterment's customers have had their personal information accessed. "The company said customer names, email and postal addresses, phone numbers, and dates of birth were compromised in the attack," reports TechCrunch.

Betterment said it detected the attack on the same day and "immediately revoked the unauthorized access and launched a comprehensive investigation, which is ongoing." The fintech firm also said it has reached out to the customers targeted by the hackers and "advised them to disregard the message."

"Our ongoing investigation has continued to demonstrate that no customer accounts were accessed and that no passwords or other log-in credentials were compromised," Betterment wrote in the email.

The Internet

How Markdown Took Over the World 60

22 years ago, developer and columnist John Gruber released Markdown, a simple plain-text formatting system designed to spare writers the headache of memorizing arcane HTML tags. As technologist Anil Dash writes in a long piece, Markdown has since embedded itself into nearly every corner of modern computing.

Aaron Swartz, then seventeen years old, served as the beta tester before its quiet March 2004 debut. Google eventually added Markdown support to Docs after more than a decade of user requests; Microsoft put it in Notepad; Slack, WhatsApp, Discord, and Apple Notes all support it now. Dash writes: The part about not doing this stuff solely for money matters, because even the most advanced LLM systems today, what the big AI companies call their "frontier" models, require complex orchestration that's carefully scripted by people who've tuned their prompts for these systems through countless rounds of trial and error. They've iterated and tested and watched for the results as these systems hallucinated or failed or ran amok, chewing up countless resources along the way. And sometimes, they generated genuinely astonishing outputs, things that are truly amazing to consider that modern technology can achieve. The rate of progress and evolution, even factoring in the mind-boggling amounts of investment that are going into these systems, is rivaled only by the initial development of the personal computer or the Internet, or the early space race.

And all of it -- all of it -- is controlled through Markdown files. When you see the brilliant work shown off from somebody who's bragging about what they made ChatGPT generate for them, or someone is understandably proud about the code that they got Claude to create, all of the most advanced work has been prompted in Markdown. Though where the logic of Markdown was originally a very simple version of "use human language to tell the machine what to do", the implications have gotten far more dire when they use a format designed to help express "make this **bold**" to tell the computer itself "make this imaginary girlfriend more compliant".

Microsoft

Microsoft Pulls the Plug On Its Free, Two-Decade-Old Windows Deployment Toolkit (theregister.com) 33

Microsoft has abruptly retired the Microsoft Deployment Toolkit, a free platform that IT administrators have relied on to deploy Windows operating systems and applications for more than two decades. The retirement, reports the Register, came with "immediate" notice, meaning no more fixes, support, security patches, or updates, and the download packages may be removed from official distribution channels.

Canada

Ubisoft Closes Game Studio Where Workers Voted to Unionize Two Weeks Ago (aftermath.site) 151

Ubisoft announced Wednesday it will close its studio in Halifax, Nova Scotia — two weeks after 74% of its staff voted to unionize.

This means laying off the 71 people at the studio, reports the gaming news site Aftermath: [Communications Workers of America's Canadian affiliate, CWA Canada] said in a statement to Aftermath the union will "pursue every legal recourse to ensure that the rights of these workers are respected and not infringed in any way." The union said in a news release that it's illegal in Canada for companies to close businesses because of unionization. That's not necessarily what happened here, according to the news release, but the union is "demanding information from Ubisoft about the reason for the sudden decision to close."

"We will be looking for Ubisoft to show us that this had nothing to do with the employees joining a union," former Ubisoft Halifax programmer and bargaining committee member Jon Huffman said in a statement. "The workers, their families, the people of Nova Scotia, and all of us who love video games made in Canada, deserve nothing less...."

Before joining Ubisoft, the studio was best known for its work on the Rocksmith franchise; under Ubisoft, it focused squarely on mobile games.

Ubisoft Halifax was quickly removed from the Ubisoft website on Wednesday...

Bug

How Long Does It Take to Fix Linux Kernel Bugs? (itsfoss.com) 36

An anonymous reader shared this report from It's FOSS: Jenny Guanni Qu, a researcher at [VC fund] Pebblebed, analyzed 125,183 bugs from 20 years of Linux kernel development history (on Git). The findings show that the average bug takes 2.1 years to find. [Though the median is 0.7 years, with the average possibly skewed by "outliers" discovered after years of hiding.] The longest-lived bug, a buffer overflow in networking code, went unnoticed for 20.7 years! [But 86.5% of bugs are found within five years.]

The research was carried out by relying on the Fixes: tag that is used in kernel development. Basically, when a commit fixes a bug, it includes a tag pointing to the commit that introduced the bug. Jenny wrote a tool that extracted these tags from the kernel's git history going back to 2005. The tool finds all fixing commits, extracts the referenced commit hash, pulls dates from both commits, and calculates the time frame. As for the dataset, it includes over 125k records from Linux 6.19-rc3, covering bugs from April 2005 to January 2026. Out of these, 119,449 were unique fixing commits from 9,159 different authors, and only 158 bugs had CVE IDs assigned.

It took six hours to assemble the dataset, according to the blog post, which concludes that the percentage of bugs found within one year has improved dramatically, from 0% in 2010 to 69% by 2022. The blog post says this can likely be attributed to:
  • The Syzkaller fuzzer (released in 2015)
  • Dynamic memory error detectors like KASAN, KMSAN, KCSAN sanitizers
  • Better static analysis
  • More contributors reviewing code

But "We're simultaneously catching new bugs faster AND slowly working through ~5,400 ancient bugs that have been hiding for over 5 years."

They've also developed an AI model called VulnBERT that predicts whether a commit introduces a vulnerability, claiming that of all actual bug-introducing commits, it catches 92.2%. "The goal isn't to replace human reviewers but to point them at the 10% of commits most likely to be problematic, so they can focus attention where it matters..."
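The Fixes:-tag method described in the summary above can be sketched as follows. This is an added example, not the researcher's tool: the commit hashes, dates and messages are constructed sample data, and the use of a single date per commit and an 8-to-40-character hex match are assumptions.

```python
import re
from datetime import datetime
from statistics import mean, median

# "Fixes: <abbreviated sha> ("subject")" trailer; the hex length range is an assumption.
FIXES_RE = re.compile(r"^Fixes:\s*([0-9a-f]{8,40})\b", re.IGNORECASE | re.MULTILINE)

# Constructed sample history: (hash, commit date, commit message).
COMMITS = [
    ("a1b2c3d4e5f60718293a", "2005-06-01", "net: add frame parser"),
    ("b2c3d4e5f60718293a4b", "2019-03-10", "fs: add cache helper"),
    ("c3d4e5f60718293a4b5c", "2021-01-15", "usb: add quirk table"),
    ("d4e5f60718293a4b5c6d", "2019-09-10",
     "fs: fix cache leak\n\nFixes: b2c3d4e5f607 (\"fs: add cache helper\")\n"),
    ("e5f60718293a4b5c6d7e", "2021-04-15",
     "usb: fix quirk lookup\n\nFixes: c3d4e5f60718 (\"usb: add quirk table\")\n"),
    ("f60718293a4b5c6d7e8f", "2025-06-01",
     "net: bound frame length\n\nFixes: a1b2c3d4e5f6 (\"net: add frame parser\")\n"
     "Fixes: 0123456789ab (\"not in this history\")\n"),
]

def resolve(prefix, dates):
    """Map an abbreviated hash to one full hash; None if unknown or ambiguous."""
    hits = [h for h in dates if h.startswith(prefix.lower())]
    return hits[0] if len(hits) == 1 else None

def bug_lifetimes(commits):
    """Return (introducing_hash, fixing_hash, days) for every resolvable Fixes: tag."""
    dates = {h: datetime.strptime(d, "%Y-%m-%d") for h, d, _ in commits}
    out = []
    for fix_hash, _, msg in commits:
        for ref in FIXES_RE.findall(msg):
            intro = resolve(ref, dates)
            if intro is None:
                continue  # tag points outside the analysed history
            days = (dates[fix_hash] - dates[intro]).days
            if days >= 0:  # drop clock-skewed pairs instead of counting negative lifetimes
                out.append((intro, fix_hash, days))
    return out

def summarize(lifetimes):
    """Mean and median lifetime in years; one long-lived outlier pulls the mean up."""
    years = [d / 365.25 for _, _, d in lifetimes]
    return {"bugs": len(years), "mean_years": round(mean(years), 2),
            "median_years": round(median(years), 2)}

if __name__ == "__main__":
    print(summarize(bug_lifetimes(COMMITS)))
```

On the sample data, the single 20-year bug lifts the mean far above the median, the same skew the summary notes between the 2.1-year average and the 0.7-year median.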

