Feed aggregator

ServiceNow is used by thousands of enterprises to automate their internal processes, but says several customers had data accessed because of a security bug.

Linux Lite 8.0 is now available, rebuilt atop Ubuntu 26.04 and with its custom helper apps rewritten around GTK4. It arrives almost exactly two years after we looked at Linux Lite 7, itself two years after Linux Lite 6.0. The regularity of the release cycle is a sign of its maturity: the project is now 14 years old. Version 8 is based on Ubuntu 26.04 Resolute Raccoon, but it eliminates the vexed question that many distros pose: which desktop to use. Linux Lite uses version 4.20 of the Xfce desktop, which in our opinion is an excellent choice. While Ubuntu continues to pile on the pounds, this release of Linux Lite is slightly smaller than its predecessor – the download is 410 MB less. As ever, it includes neither Snap nor Flatpak, which should help users to keep it slim and light. Each major version number of Linux Lite is rebased on a new LTS version of Ubuntu, and will be followed by point releases – very similarly to Linux Mint. Linux Lite 8.x sees some substantial changes, although to be fair, some of these first appeared late in the 7.x release series. The default web browser is now Mozilla Firefox – Google Chrome has got the boot. We can't help but wonder if this is at least in part inspired by Google silently embedding a 4 GB LLM, or perhaps the restrictions that stopped uBlock Origin working from 2024. One of the benefits of Linux Lite for less experienced or technical users, who don't know where to go to do things like changing system settings, installing drivers, and so on, is its selection of handy pre-installed helper applications. The release notes list 15 of these that have been rewritten for this version, and now they use GTK4. The announcement also mentions "end-to-end GTK4 theming." That sounds great, but there's always a cost, and this time, it is that GTK4 no longer supports what the GNOME developers consider tired old UI metaphors like menu bars. So the new Lite apps have fondleslab-style hamburger menus instead, and the primary or default button appears in the title bar. Even years after GNOME 40, we find that a bizarre and unintuitive location. Some of these custom apps are important tools. For instance, Lite Terminal replaces Xfce Terminal. The announcement says it is a "super light, responsive built from the ground up terminal. Beautiful font rendering, predictive auto-complete, a slew of right click options," and calls out "a title bar that turns light red when you are in sudo" (which the new GNOME terminal Ptyxis does too). That's all good, but this vulture would rather just have a menu bar that responds to keyboard controls. The Lite Software app now replaces the venerable Synaptic. It's true, there's been little visible development in Synaptic for years, but we don't find Lite Software capable enough to replace it: for instance, it can only sort by name, not by any other columns – such as whether packages are installed or not, or by version. These changes mean that the new GTK4 apps aren't consistent with the rest of Xfce and its traditional menu bar/toolbar layout. Personally, this vulture doesn't care much about performance or appearance or fonts or themes; we care much more about a consistent working UI that can be driven by the keyboard alone. These GNOME-isms creeping in, such as disappearing menu bars, are not welcome – any more than they are in Linux Mint. Google Chrome has been ousted, but AI hasn't. There's a new MyAI function in Firefox (rather than as a standalone app), which offers a choice of local LLM tools. The announcement devotes over 100 words and eight big screenshots to this, saying: Yes, we understand that AI is a polarising topic. With an estimated 1.2 billion people using it, we felt a responsibility to provide the option, but in a way that respects people's choice rather than forcing it on them. So, yes, points for awareness, but we still feel that generative AI is a profoundly and irredeemably unethical and harmful technology – even privacy-centric local models with open weights burned huge amounts of resources in their training, using material from people who never got offered the choice of consent. We are saddened to see it installed by default in any FOSS-adjacent product. Saying that, we did appreciate the note at the end: If you don't want it: sudo apt purge myai Right click, Delete Bookmark in the Toolbar in Firefox. Good for the team for that concession. The docs also clearly state that it doesn't support Secure Boot: Secure Boot is not supported on Series 8. You must disable Secure Boot in firmware before installing. We made this call so the system stays simple and reliable for everyone – no MOK enrolment, no shim quirks, no surprise breakage after a kernel update. That's a good call, although some guidance on how to do that would be much better. It's not trivial. For all that many corporate coders like it, this jaded old hack feels that Richard Stallman's position on "Secure Boot" was right: Truly secure boot means YOU specify what system is allowed to run in your computer. On the desktop is a link called "Wiki," pointing to the project's online documentation. That's good, but it won't help someone to get online in the first place, and we felt its title in former releases, "Help Manual," was more informative. There are other significant changes. This version uses the Calamares cross-distro installer in place of Canonical's Ubiquity or Subiquity: it is clear and works well, although we've seen reports of problems on very low-end machines, and the release notes warn it could have problems on "potato computers." There are some handy additional tools, such as a junk-files cleaner. There's a one-click Lite Game Center: "Press the big button and it installs Steam, Lutris, Proton, Wine, game controller support and a few popular helpers all in one go." There are also kernel performance-testing tools and a choice of a lower-latency kernel. There are tools to strip the distro down to the core essentials too, and to remaster your own customized version. There's an OEM installation mode, so the end-user can create their own user account from the first boot. There's a custom system monitor app, an informative About applet, and in the shell, btop replaces htop. Version-to-version in-place upgrades are now supported, so it's possible to upgrade Linux Lite 7.x to 8.x – conspicuously absent in earlier releases. We've covered Linux Lite enough in previous reviews, so this is just an overview of the highlights in the new version 8. The additional tools are of real value: things like software updates, driver installers (adopted from Linux Mint), easy point-and-click installation of native packages of popular apps from Audacity to Zoom. Linux Lite adds a lot of polish and improved fit-and-finish over even rivals such as Zorin OS or Linux Mint, and comfortably surpasses what you get with Ubuntu, or even Xubuntu. Post-install, it detected some 160 available updates. We installed them, which showed a friendly if not very informative progress bar: it went straight to 100 percent and then stayed there for many more minutes as it worked away. After a reboot, it found over 40 more. It has some very nice less-obvious customizations, such as the Starship custom shell prompt for bash. The default search engine is the project's own instance of SearXNG. Thanks to the appalling enshittification of Google in the mid-2020s, a custom search engine is more useful than ever. We installed it in a current VirtualBox release, and the driver installer didn't offer the FOSS guest additions – but then that tool is borrowed from Linux Mint, and it never offers them either. Post-update, a full install used 7.8 GB of disk space and idled on 897 MB of RAM – which is almost exactly the same as Xubuntu, while offering a lot more help, guidance, and useful supplementary tools. It's not perfect. We're not delighted by the new Gtk4 Lite apps, and would have preferred the developers favored a consistent classic-Windows like UI over new shiny. There's nothing wrong with the Xfce terminal, Synaptic, and other time-polished tools, or indeed, with Gtk3: better to embrace the classics, and find ways to add value elsewhere. The customizations are great, but could go further: for instance, Xfce's Docklike Taskbar gives a lovely panel that resembles the Windows 7 one, and the fish shell would complement the Starship prompt nicely. These minor criticisms aside, this is one of the best offerings in the greater Ubuntu market. As of version 8, Linux Lite has finally grown into its name. By modern full-fat desktop standards, such as Ubuntu itself, or other downstream distros such as Zorin OS and Linux Mint, it is a lightweight distro – and yet, it offers more assistance and guidance for Windows migrants than any of them. ®

The funding round was led by Norwest, with participation S Capital VC, Cerca Partners, and Oceans Ventures. Snowflake Ventures also participated as a strategic investor.

Almost all UK workers now have to deal with AI, but few firms report big productivity gains because of all the time lost in hand-holding the systems and cleaning up their mistakes. So says a report by the Work AI Institute, a research arm of AI biz Glean Technologies. It claims there are productivity gains to be had from introducing AI-based tools, yet much of this is being negated by the amount of time employees waste making them work – a phenomenon it has christened "botsitting." The organization surveyed 1,500 digital workers for "The Work AI Index: UK 2026" report, finding 90 percent are now required to use AI in their roles, 80 percent use multiple AI tools every week, and 39 percent use four or more. The workers indicate AI automation saves them roughly 12 hours a week, or just under a third of their working week. Yet only 18 percent agree AI has significantly improved their organization's performance. The time freed up isn't flowing into productive work, it's being absorbed by the unglamorous human labour required to keep those systems running, according to the Work AI Institute. For every hour a UK staffer spends getting output from their AI tools, they spend roughly another hour making it usable. Part of the reason so much time disappears into botsitting is how often the tools fail, with employees finding that more than a third (36 percent) of AI sessions fail outright, requiring a full restart or substantial reworking. On average, Brit workers waste 5.8 hours each week in these botsitting processes, the report says. This time is typically taken up by loading the context window with information the AI should already have, and overseeing the output. The latter involves reviewing answers and trying to catch outputs that are wrong, incomplete, or missing important context. When workers spot a problem with the output, they may have to re-prompt, add more context, swap models, and re-prompt again until something usable comes back, the researchers claim. And if they aren't diligent enough to spot when an AI tool has goofed up, the mess lands on colleagues who weren't involved with the work, but now have to fix something they didn't break. Most of this botsitting effort is grunt work, the report notes, such as reloading context into different tools, catching hallucinations, and verifying outputs that may appear perfectly fine at first glance. In effect, workers are serving as the integration layer for their company's AI tools, having to tell them which information sources to use, which documents are current, and what other key details matter, as well as correcting their mistakes. Interfaces and standards such as APIs and the Model Context Protocol (MCP) were supposed to solve this by letting tools talk to each other and share data, the Work AI Institute says, but they don't solve the context problem. Workers eventually tire and start to cut corners, becoming less diligent in checking outputs, verifying sources, or checking whether the AI's recommendations make any sense, the survey says. 70 percent of UK AI users admit to simply passing on the first output that looks "good enough." According to the Work AI Institute, the UK has moved fast on AI uptake, leading even the US on key adoption metrics. However, it is the depth of adoption that stands out, going beyond using it for content generation and moving it into the activities that shape working life. The report warns AI is now being used in higher-stakes areas where UK law is tightly regulated, such as HR decisions. It claims more than half of UK workers are comfortable with AI playing a role in performance evaluation, and nearly 40 percent say it is already used in reviews. British workers are more comfortable than Americans with AI in hiring, promotion, compensation, and even termination decisions. Even so, local organizations are less likely to use AI in termination decisions because employment law makes dismissal harder to defend than in the US. The report concludes that Britain has built a stronger institutional foundation for workplace AI than almost any other country, and claims this is a potential advantage. Yet the value of this AI investment will come from operational discipline, and measuring whether the work produced is better, not just faster. Otherwise the hours workers "save" are lost again in botsitting. "Adoption alone doesn't equal transformation," said Dr Rebecca Hinds, head of the Work AI Institute at Glean. "If employees are spending the productivity dividend on botsitting, companies haven't eliminated work – they've created a new layer of overhead." ®

National headlines may have shifted, but the impacts of President Donald Trump’s mass deportation agenda are still being felt across Los Angeles. For many, it has devastated their financial, mental, and physical wellbeing. And as Immigration and Customs Enforcement agents still roam the city, the struggle is far from over. “Sometimes I wake up in the middle of the night remembering…

Source

When it comes to transformative horror films from the last 20 years, there are few that come to mind. One in particular is Ari Aster’s Hereditary, the 2018 film starring Toni Collette, Alex Wolff, Milly Shapiro, and Gabriel Byrne. We watched a family completely unravel in the most chilling way following a matriarch’s death. The film made Aster a big name in the horror film world; however, he never followed up with a sequel. That’s not necessarily a bad thing because, well, not everything needs a sequel. Hereditary was phenomenal on its own. But Aster recently revealed that he wrote a Hereditary prequel but it hasn’t felt like “the right time” to pursue it. A24

“I wrote a prequel to this,” Aster said about Hereditary after a screening of it in June 2026. “It never feels like the right time. It’s a prequel, not a sequel, so I don’t know where this goes.”  

RELATED ARTICLE

Mondo Unveils Eerie A24 Posters for HEREDITARY, SACRED DEER

We aren’t exactly sure what that means or if he ever intends to make a prequel. As we all know in the horror world, it is never, ever too late to pick back up with a universe. Many franchises wait decades before a sequel, prequel, reboot, or whatever term applies. We’d be down to dig into the world of Hereditary more. But, if Aster decides to let that script sit in a box, we will always be thankful for his first feature film.

The post Ari Aster Wrote a HEREDITARY Prequel Film appeared first on Nerdist.

GitHub will change npm's defaults so the install command no longer runs scripts automatically, disabling a feature commonly exploited by malicious packages such as the notorious Shai-Hulud worm. Maintainer Leo Balter said: "Install-time lifecycle scripts are the single largest code-execution surface in the npm ecosystem. Every npm install runs scripts from every transitive dependency, so a single compromised package anywhere in your tree can execute arbitrary code on a developer machine or CI (continuous integration) runner." In npm 12, due July, three security-focused defaults are changing. Scripts configured for preinstall, install, or postinstall will no longer run unless explicitly permitted via allow-scripts. The --allow-git flag, which pulls dependencies from remote URLs, will default to off, closing an attack path where a malicious .npmrc file could override the Git executable and achieve arbitrary code execution. Finally, allow-remote will default to none, blocking dependency downloads from remote URLs entirely. It will still be possible to allow scripts to run via an allowlist in the package.json configuration file. This will be pinned to the installed version of a package by default. These are breaking changes, and Balter recommended developers run the commands to allow scripts for every currently installed package in a project that requires them. "This gets you protected against new, unexpected scripts immediately," he said. The next step is to review these packages and deny scripts for those where they are not needed. Some packages require script approval to function, including native modules that compile on install, testing tools like Playwright and Puppeteer (which fetch binaries via postinstall), and Electron, which wraps the Chromium browser engine for cross-platform desktop applications. These features have been available since npm version 11.10.0, released in February, but as opt-in flags rather than defaults. That version also introduced min-release-age, which blocks installation of package version newer than a specified number of days, designed as a safeguard against newly published malicious packages. Best security practice for developers using npm 11.16, the current version, is to set these flags on in .npmrc or via environment variables, which will also prepare a project for the changes in version 12. One annoyance is that the existing flag ignore-scripts does not support an allowlist, other than via an additional tool. The ignore-scripts setting will override allow-scripts, so developers will need to remove it, if set to true, to enable approved scripts to run. The allowScripts setting exists in npm 11 but is advisory only. Will this fix npm security issues? Unfortunately not. "Now all the malware can move from the install script to the module itself where it will inevitably still be run," said one developer. Another common view is that developers should use pnpm, which already has safer defaults than npm, including a minimum release age. There is consensus, though, that these changes do improve npm security and are long overdue. The pull request for this change includes the remark that "npm is the only remaining major package manager that runs dependency install scripts by default. pnpm v10+, Yarn Berry, Bun, and Deno all block them." ®

⚡ Quick Take

• The BBC has canceled the Doctor Who Christmas special in a surprising move.
• Russel T Davies will also leave the series.
• The BBC is searching for a new Doctor Who head and presumably a new Doctor.

Just like the Grinch came for Whoville, the BBC has come for Whovians this holiday season. The network announced it has canceled this year’s Doctor Who Christmas special. It also revealed that showrunner Russell T Davies is leaving the series. This might all sound very bad, but according to Davies, the mere possibility of a Christmas special was always meant to serve as a bridge to a new era of Doctor Who. And that’s exactly what this is all about. The BBC is already looking for a new voice to lead the show.

BBC

After the Doctor Who Christmas Special was postponed… from Christmas… we know things might not be going in a great direction. And now, the BBC has revealed big changes are coming to its landmark sci-fi series, and they start with not making the planned Christmas special. From the network’s official press release:

After careful consideration, the BBC, Russell T Davies and Bad Wolf have collectively decided not to go ahead with the previously announced Doctor Who Christmas episode. This decision was not taken lightly, and we know it will be disappointing for fans, but in order to set the show up for future series, it was decided that rather than bridge the gap with a one off special, we are choosing to push forward to invest in the long-term future of the show which ensures that when the TARDIS lands once more, it does so in all its glory.

BBC/Bad Wolf Studios/Disney+

The BBC also said that its efforts at “securing the next phase of the show for future generations will include putting the show “out to competitive tender this year.” On Instagram, Davies confirmed his departure and also offered insight into the cancellation of the Doctor Who Christmas special, which apparently only ever existed in strategic name only. Davies wrote, “We only cooked [the special] up to guarantee a future when no one knew what would happen, but now we do know, there’s no need for it.”

Davies also said no Doctor Who Christmas special script ever existed and that he never approached any actor to play the Doctor. Left unsaid is what his departure and the special’s cancellation will mean for the giant cliffhanger he leaves behind. We thought the Christmas special could resolve the shocking return of Billie Piper’s Rose Tyler. Now we don’t know if that storyline will ever get a conclusion. We might never know if she was, in fact, the next Doctor. And we probably won’t find out if we’ll find out until 2028.

That’s not a long time for a regenerating Time Lord. But it’s not exactly the type of holiday present Whovians expected to get this year.

The post DOCTOR WHO Christmas Special Canceled, Russell T Davies Leaving Show appeared first on Nerdist.

Decart is launching Oasis 3, a real-time world model that generates photorealistic driving environments for autonomous vehicle testing, now available via API for developers to build on.

President Donald Trump last year dramatically ratched up the fee for H-1B work visas to $100,000, saying it would protect American workers from losing their jobs to lower-paid foreigners. But on Monday a federal judge struck down the fees, siding with 20 states and ruling that the Trump administration exceeded its authority by raising the fee without congressional approval.

Source

Users under 16 years old will get a separate profile to show Stories and Spotlight posts to friends that they follow back.

Electricity demand from AI data centers is pushing everyone — including automakers like GM and Ford — into the energy storage business.

Follow me on Bluesky or Mastodon Related | Transportation chief wants AI to manage your air travel safety…

Source

Fusion power startup Avalanche Energy said its reactor prototype heated a plasma to over 10 million degrees C.

Ambrosia Energy wants to build power plants in less than 12 months while undercutting natural gas. It hopes to build gigawatts worth by 2030.

NASA has named the four astronauts set to fly the Artemis III mission in an announcement that raised as many questions as it answered. The quartet is comprised of a Space Shuttle veteran, Randy Bresnik, as commander, and the European Space Agency's Luca Parmitano, whose helmet filled with water during an International Space Station (ISS) spacewalk. NASA astronauts Frank Rubio and Andre Douglas will serve as mission specialists. In addition, NASA astronaut Bob Hines will serve as a backup crew member. Originally slated to land astronauts on the Moon, Artemis III was repurposed to test human lander technology from Blue Origin and SpaceX in low Earth orbit, similar to Apollo 9's check of the lunar module. The change also sidesteps an awkward problem: Orion and SLS may be closer to ready than the landers they were supposed to support. The official announcement sticks to the line that the aim is to test "one or both" commercial landers, and NASA presented a mission profile that includes both Blue Origin and SpaceX. The hope is that the Artemis III crew will first rendezvous with the Blue Moon lunar pathfinder, which, according to NASA's Jeremy Parsons, can loiter in orbit for up to 90 days. John Coulouris of Blue Origin then detailed the activities planned. As well as docking, the hatch will be opened, astronauts will enter and possibly perform a trial run at donning lunar spacesuits. Docked operations will last approximately two days, according to NASA. Once done, the Orion spacecraft will detach and await the arrival of SpaceX's test article, consisting of a Starship fitted with the docking equipment planned for the lunar lander variant. Docked operations are expected to last for around a day. There are several problems with this. The first is that SpaceX has yet to get a Starship into orbit and does not appear to be as far along in its lunar lander development as Blue Origin, at least as far as Artemis III is concerned. Blue Origin also suffered a significant anomaly in recent weeks. Its New Glenn rocket, required for launching its lander, exploded on the launchpad. While CEO Dave Limp insisted "we will fly again before the end of this year," Blue Origin has significant work to do to return to flight, and Artemis III is planned for the second half of 2027. Although Parsons said "we are confident that New Glenn will be ready for Artemis III," alternatives are being considered. The lander requires a heavy-lift rocket – something like a Falcon Heavy is a possibility, but the liquid hydrogen fuel used by Blue Origin's BE-7 engines would make the plumbing tricky, and any modifications could take as long as returning New Glenn to flight status. ®

This story was originally published by the Guardian and is reproduced here as part of the Climate Desk collaboration.

A record-shattering drought has racked much of the United States. But the artificial intelligence industry is pushing ahead regardless, with the majority of planned data centers set to be built in drought-ridden locations, a Guardian analysis has found.

About two-thirds of upcoming data centers, which typically require a large amount of water to operate, are set to be built in places that have been among the driest in the country over the past year.

Of 809 planned data centers, 517 are in locations that have been in drought conditions throughout the past year, according to data from Cleanview and the federal government, which grades drought across four levels of severity. A similar proportion of existing data centers are already situated in drought-affected areas.

More than 60 percent of the contiguous US is currently at varying stages of drought, the largest expanse for spring in modern records, with a particularly severe lack of rain and snow in the Southeast and West desiccating croplands and raising fears of a disastrous wildfire season.

“There isn’t enough water to go around. Now with this explosion of data centers, I think a crunch point is inevitable.”

Scientists have determined that the climate crisis, caused by the burning of fossil fuels, is worsening the duration and intensity of droughts in the US.

But a stampede of new data centers are adding extra demands via their hefty energy and water requirements. Large data centers, some the size of small towns, can require up to 5 million gallons of water a day, equivalent to the water use of up to 50,000 people, in order to provide cooling to arrays of humming networked computers.

Overall, the multiplying data centers are set to demand as much as 73 billion gallons of water a year by 2028, up from about 17 billion gallons in 2023. Each 100-word AI prompt uses up roughly a half-liter of water due to the cooling needs of data centers, researchers have estimated.

“The AI industry is sprinting as fast as it can to gain market dominance, and the rest of us have to deal with a great increase in water demand in places already in drought,” said Christopher Dalbom, an expert in water resources law at Tulane University. “Even if there wasn’t climate change, we’d be feeling the effects of droughts more acutely, because water demand is going up and up, to feed more people and water more lawns and crops. There isn’t enough water to go around. Now with this explosion of data centers, I think a crunch point is inevitable.”

“I mean, ChatGPT is a pretty nice tool, but most people would prefer to have a beef steak.”

Companies such as Google, Meta, Microsoft, and Amazon are pouring billions of dollars into new data centers, with developers often drawn to dry, sparsely populated areas, due to the lower cost of land and generous tax breaks. Arid climates are also thought to cause the least amount of corrosion to equipment over time.

One of the world’s largest data centers, a complex twice the size of Manhattan, was controversially approved last month in a Utah county that has been deep in drought since summer last year. Meanwhile, Walla Walla county in Washington, site of a planned Amazon data center, has also been overwhelmingly in drought since July of last year.

In Texas, two of the largest new data centers are arriving in counties—Pecos and Carson—recently parched by drought. Data centers could account for 9 percent of Texas’s total water use by 2040, researchers recently calculated, with the state’s water development board forecasting Texas will have to deal with rising overall demand and falling supply of water in the decades ahead.

While an immediate water shortage is unlikely, hard choices will have to be made to avoid future clashes over water access, according to Dalbom. “When we get into a situation where there’s a limited amount of water available, are we going to limit water to residents and businesses before data centers?” he said.

“In the eastern US, we have always assumed an abundance of water, so the legal systems aren’t set up for shortages. We can’t just assume that people aren’t going to be asked to reduce their water use, while data centers and energy won’t be.”

Concerns over water use, as well as rising energy bills, have stirred local opposition to a rash of data center projects, causing some developments to be curtailed or canceled. These concerns have become a political headache for Republicans—Donald Trump has been a vocal supporter of the AI industry—with much of the opposition coming from rural, more conservative areas.

“Ranchers are being told to be conservative with water, to not waste water, and now there’s a new competing interest able to get near unlimited access to water,” said Andrew Coppin, chief executive of Ranchbot, a company that helps ranchers track their water use. “The concerns from farmers are real and justified. Data centers are flavor of the month now, but we wouldn’t make the choice to only be able to have a shower on Mondays, Wednesdays and Saturdays. I mean, ChatGPT is a pretty nice tool, but most people would prefer to have a beef steak if they had to choose.”

Data center developers say the industry’s current water use is still just a fraction of what much larger consumers, primarily agriculture, already take, causing growing strain on key sources such as the Colorado River. Even the irrigation of golf courses and lawns sucks up more water than data centers.

Guardian graphic based on data from Cleanview and NOAAGuardian graphic. Sources: Cleanview, Noaa

“Data center operators work closely with local authorities to ensure compliance with all applicable rules and regulations and to ensure operations do not stress local water supplies,” said Dan Diorio, vice-president of state policy at the Data Center Coalition. “The industry is actively prioritizing responsible water use through operational best practices and innovative development strategies, often collaborating with local authorities and conservation organizations on water restoration and reclamation projects. Data center operators are among the few private sector industries actively investing in local water infrastructure.”

The sector claims it is making progress to replace standard evaporative cooling with more efficient technologies such as closed-loop cooling, whereby the same coolant, such as water or glycol, is continually piped among the servers to absorb their heat.

However, while such cooling systems save water, they need more energy to run. This power typically comes from fossil fuels, which unlike cleaner forms of energy require copious amounts of water to generate electricity.

Such a trade-off is evident at Meta’s huge proposed data center, called Hyperion after the father of the sun in Greek mythology, in Louisiana. While the facility will use closed-loop cooling, it will also need the energy input of 10 gas-fired power plants that will use large amounts of water as well as emit planet-heating emissions.

“It will be an issue for farmers near the data center and if more data centers are approved to draw down the same aquifer you get a death by a thousand cuts,” said Dalbom. “You may see the water table going down so wells will have to be deeper to access the groundwater. There will still be water there but cost more to access.”

Meta said that it will prioritize on-site water efficiency to the extent that its water use will be less than if the land was used for agriculture purposes.

“I think there is an emerging consensus among the major hyper-scalers about the importance of water stewardship.”

“Meta estimates the data center will use as much as 1 billion gallons of water per year, drawing it from an aquifer currently used for agriculture, not from the community’s drinking water,” a company spokeswoman said.

The overall water impact of AI is far larger than data centers themselves, however. A January study found that data centers will be responsible for just 4 percent of the 30 trillion gallons of extra water that will be needed, globally, for AI expansion by the midpoint of this century. Power generation and semiconductor fabrication for AI will suck up much more water than the data centers themselves, the report states.

“Data centers are the most visible element to people but they are only part of the picture,” said Albert Cho, chief strategy officer at Xylem, the company behind the study. Cho said that data centers’ water use will remain smaller than other large sectors, such as agriculture, and use of renewable energy and reduced water waste will help reduce demand.

“Water tends not to be the top-line consideration,” when data center sites are chosen, Cho said, but he added: “I think there is an emerging consensus among the major hyper-scalers about the importance of water stewardship.”

Yet the public backlash has been so strong—polling shows 70 percent of Americans don’t want to live next to a data center—that some states are considering new restrictions. California, Michigan and Iowa, for example, are mulling bills to require operators to submit regular reports on water use while others, such as South Carolina and Kansas, may force developers to use closed-loop cooling systems. Lawmakers in New York have gone further, with plans for an outright moratorium on data centers.

In Utah, the state’s governor, who last year asked residents to pray for rain amid a deep drought, has attempted to reassure voters that the enormous new Stratos data center will not endanger the Great Salt Lake, which was already shrinking due to water overuse and rising global temperatures. A group opposing the county approval of Stratos is aiming to overturn this decision via a public referendum.

The data center is backed by Kevin O’Leary, a Canadian businessman who has featured on TV shows such as Shark Tank and is a keen supporter of Trump. O’Leary has, without evidence, accused opponents of Stratos of being paid protesters or in league with the Chinese Communist party.

“There could not be a worse advocate for this project than Kevin O’Leary, who has been absolutely dismissive of people in Utah again and again,” said Ben Abbott, an ecologist at Brigham Young University and the executive director of Grow the Flow, a Utah environmental group.

Alexa Chandler holds a sign at a protest against the construction of a data center on May 4, 2026 in Tremonton, Utah.Natalie Behring via Getty

“I haven’t found a single person in favor of this,” he added. “It has brought together urban and rural communities, farmers and environmentalists, linking arms against this. I think this project is mortally wounded as a result.”

The Great Salt Lake is “headed for an all-time low” and the massive 9 gigawatts of power needed for Stratos, as well as its cooling systems, will probably push the ecosystem into further water deficit, Abbott said.

“There couldn’t be a worse time to do this,” Abbott said of the Stratos project. “Climate change is causing important hydrological shifts and here in the west we have a less stable water supply due to the mega-drought. But, more importantly, we are also harvesting the fruits of a century of water overuse.”

O’Leary’s case for the project is that it would be a big economic win, bringing jobs and tax revenue to rural parts of the state while helping the US win on AI in its rivalry with China. Last week he agreed to make cuts to the scale of the project after pressure from state lawmakers and said in a post on X that he was “working around the clock to address every issue raised, from water usage and environmental impact to power generation and community benefits.”

A lawsuit has also been filed against the project brought by five local residents and a progressive group.

Worldwide, three-quarters of people could face drought impacts by 2050 all while data centers use 2.5 trillion gallons of water in the coming decade, enough to meet the drinking water needs of the planet’s human population for over a year, the UN has estimated.

Even when some withdrawn water is recycled by data centers, “large-scale withdrawals can strain aquifers and river systems, particularly in arid or groundwater-depleted regions,” a recent UN report warned.

“We need to rethink our relationship with water because at the moment there is just this unrestricted demand everywhere,” said Abbott. “We are in systemic water deficit almost everywhere on the planet.”

Last week, the Pentagon released a new list of 31 religions officially recognized by the US Department of Defense, edited down from more than 200 that had previously been accepted. The purpose of streamlining, Pentagon spokesperson Sean Parnell said in a statement, was not to delegitimize any one religion, but rather “to allow chaplains to quickly look at the religious composition of their units and determine how they structure resources to best provide for warfighters of all faith groups.”

But to some religious groups, the new list looked biased. Of the 31 groups listed, 22 were Christian. Atheists, pagans, and humanists, which had all been on the original list, were excluded. But the loudest complaints were about its structure. Members of the Church of Jesus Christ of Latter-Day Saints noted that while their faith was included, it had been sequestered from other Christian faiths—which they saw as part of a pattern of some denominations refusing to recognize LDS members as fellow Christians.

Indeed, Samuel Perry, a professor of rhetoric at Baylor University who studies Christian nationalism, noted that it wasn’t until evangelicals rallied around LDS politician Mitt Romney during his run for president in 2008 that mainline Christians accepted LDS as a Christian faith. That was, said Perry, “completely a political change in order to be able to move centrally around one candidate.”

Last week, after the Pentagon released its list, Utah’s two Mormon senators made their objections known on social media. Sen. Mike Lee (R-UT) tweeted, “Can anyone tell me why The Church of Jesus Christ of Latter-day Saints was left out of the list of Christian churches?” Sen. John Curtis (R-UT) was more pointed in his tweet:

Latter-day Saints are among the most patriotic, service-oriented individuals in our country. They are also unequivocally Christian—just look at who is in the name of the Church.

It is unacceptable for a government entity to characterize a faith in a manner that contradicts the… https://t.co/ywqk59ZtRz

— Senator John Curtis (@SenJohnCurtis) June 6, 2026

On Monday, the Department of Defense released a new list—and that version did list LDS as a “Christian” faith. But the Pentagon’s perceived slight is still roiling Christian social media, with some accounts rushing to defend the LDS church, and others, like firebrand pastor Joel Webbon, declaring to his 111,000 followers, “Mormons will go to hell.”

So was the original listing of Mormons apart from other Christian faiths simply an oversight, or a snub? In a tweet about the newest version of the list, the DOD claimed the former. “The Pentagon list included redundant and unnecessary labeling,” the agency said in a tweet on Monday, “and the mistake has been fixed.”

But in the past few days, some accounts on social media have pointed out that US Secretary of Defense Pete Hegseth belongs to a Christian nationalist denomination—called Communion of Reformed Evangelical Churches (CREC)—that holds that Mormons aren’t Christians.

Which wouldn’t be terribly significant in the grand sweep of religious beliefs—except that CREC explicitly advocates for Christians to exert their faith’s influence over the government. Doug Wilson, the Moscow, Idaho, pastor who founded CREC, has described his vision of “a network of nations bound together by a formal, public, civic acknowledgement of the lordship of Jesus Christ and the fundamental truth of the Apostles’ Creed.” He has long argued in favor of Christian nationalism, and he has likened his fiefdom in Idaho—which includes a church, school, college, and publishing house—to a “working prototype” of what Christian nationalism could look like.

One theological point of distinction between LDS and other Christian denominations is that LDS members don’t accept the Apostles’ Creed because it states that God, Jesus, and the Holy Spirit are all one entity. In contrast, Perry, the Christian nationalism scholar, noted the LDS church teaches that they are three distinct beings. From Wilson’s description of his ideal version of America, it appears that everyone would have to live by the Apostles’ Creed—whether they believed in it or not. In Wilson’s Christian America, said Perry, “Anything that falls outside of the doctrinal vision that Wilson or CREC have would fall outside of what they consider to be kind of a true belief in Christianity, so there’s kind of an exclusivity that’s being cultivated.”

Over the last few years, Wilson has begun to move in influential political circles, speaking at the National Conservatism conference with Vice President JD Vance and appearing at an event about Christian political strategy with Project 2025 architect Russell Vought. Last year, he planted a new CREC church in Washington, DC, where Hegseth often attends services. Most significantly, in February, Wilson delivered a sermon at the Pentagon, at the behest of Hegseth.

In an email, Wilson confirmed that CREC’s version of Christianity doesn’t include Mormons. “We would consider the Mormons to be a non-Christian faith with Christian terminology,” he wrote, and added that his church would consider LDS people to be “polytheists.”

The LDS Church did not respond to a request for comment for this story, and the US Department of Defense directed me to its tweet about the most recent revision of the list.

In April, during a congressional hearing that coincided with Black Maternal Health Week, Rep. Summer Lee (D-Pa.) pressed Health and Human Services Secretary Robert F. Kennedy Jr. about the US’ abysmal and largely preventable rates of maternal death compared to its peers.

Black women, Lee pointed out, fare three times worse than their white counterparts, even as the Trump administration continues to cut both health funding and research into racial health disparities.

She posed a question: “How are we going to solve the Black maternal mortality crisis if we cannot say ‘Black’?” 

The GOP’s attacks on Medicaid—which finances health care for more than two in five births across the country—and the White House’s termination of thousands of federal health and science workers, including those tasked with compiling the country’s most comprehensive data on maternal and infant health, give even more weight to independent research like Listening to Mothers, a nationwide survey published by the nonprofit National Partnership for Women and Families on Monday.

The report—the group’s first nationwide survey since 2013—surveys thousands of mothers who gave birth in a hospital in 2023 and 2024 about their experiences with the maternal care system, revealing pervasive barriers to quality care and widespread failures by health systems.

The report ends by warning that “modest gains” like expanded postpartum Medicaid coverage “are now at risk of being rolled back.”

Around 40 percent of respondents said they’d been disrespected, dismissed, or ignored by providers during labor and delivery. More than a third reported unmet social needs during pregnancy—mainly a lack of income, difficulty paying utility bills, or finding childcare—particularly Black and indigenous respondents and those on Medicaid. After having their children, more than a fifth said at least one of those needs still hadn’t been met.

Before, during, and after their pregnancies, up to a fourth of respondents reported experiencing depressive symptoms. Symptoms of anxiety were even higher. Yet most people with either symptom received no treatment, even as late as 12 weeks after giving birth. And while research suggests that support from doulas and midwives improves outcomes, only a small fraction of respondents reported having access to or using either.

The report ends by warning that the “modest gains of recent years,” such as the expansion of Medicaid coverage to one year postpartum in all 50 states but Arkansas, “are now at risk of being rolled back.”

“We’re not where we should be,” said Nan Strauss, National Partnership’s senior director of maternal care. “We need to be adding to and improving people’s lives, making it easier for them to focus on their families at this really critical moment, and instead their own efforts to be the best new mom that they can are being undercut every step of the way.”

In July, congressional Republicans enacted major cuts to SNAP and Medicaid; my colleague Daniel Friedman noted at the time that the bill would cost millions of people their health insurance and reduce access to birth control and other reproductive care—imperiling maternity services at more than 140 rural hospitals, as my fellow colleague Nina Martin also reported. 

As the administration slashes the social safety net, it’s also suppressing vast amounts of data on maternal health. For decades, the Center for Disease Control and Prevention’s Reproductive Health Division partnered with a majority of state health departments to survey tens of thousands of women about their experiences before, during, and after pregnancy as part of the Pregnancy Risk Assessment Monitoring System. But last April, the CDC team that oversaw PRAMS was put on leave, indefinitely cutting off federal support to the states collecting this data. (The termination of thousands of federal workers, including those at the CDC, is currently being challenged in court.)

In the aftermath, said Rita Hamad, a social epidemiologist at Harvard University who has used PRAMS data to research safety net policies like paid parental leave, “some states were not able to continue their data collection, in part because they were losing out on that technical assistance from the CDC.”

“One really heartbreaking example is Mississippi, which stopped data collection for most of 2025,” Hamad said, noting that the state declared infant mortality a public health emergency the same year. “I was just thinking, gosh, how are they going to be able to address this crisis?”

Cassondra Marshall, an associate professor in UC Berkeley’s Maternal, Child, and Adolescent Health Program, has used both PRAMS and Listening to Mothers data in her research. The data is “needed to develop interventions” by policymakers, Marshall emphasized. Yet policies like the Momnibus bills, which were reintroduced in March and seek among other things to expand the perinatal workforce and improve data collection, face an uphill battle in the Republican-dominated Congress.

As my colleague Madison Pauly put it last June, “With the White House and state governments denying the very idea of systemic racism and targeting anything that smacks of [DEI], structural change seems further away than ever.”

To make matters worse, the information the government is releasing isn’t exactly reliable. Last month, on Mother’s Day, HHS launched moms.gov, a website it described as offering “guidance and information to support the health and wellbeing of mothers and their families.” Yet the homepage contains no mention of parental leave or contraception, includes minimal mental health resources, and directs people to crisis pregnancy centers through another website operated by the Christian, anti-abortion Heartbeat International.

For decades, mothers and maternal health experts have been talking about the need for evidence-based, community-focused interventions. Under RFK Jr., public health seems to be moving in the opposite direction.

It's patch time for Ivanti customers again after the security shop disclosed another two critical vulnerabilities in one of its products. Both bugs affect Ivanti Sentry, a mobile gateway that forms part of its broader unified endpoint management platform. The first and worst of the two is CVE-2026-10520 (10.0), a max-severity vulnerability that allows a remote, unauthenticated attacker to execute code with root privileges. Flaws that allow root-level code execution without authentication are about as bad as vulnerabilities get, which explains the perfect-10 rating. The only saving grace is that, by the vendor's reckoning, no one has successfully exploited it in the wild… yet. Public disclosures tend to start a figurative countdown timer when it comes to attackers exploiting bugs, and although Ivanti gave little away about CVE-2026-10520 in its advisory, other researchers have already published breakdowns of the patch, offering clues as to how unpatched systems could still be attacked. According to watchTowr, the vulnerability stemmed from an exposed API running under Apache Tomcat. An attacker could feed the API a specially crafted message, which is parsed as a MICS configuration command and executed by the backend handler with root privileges. It looks like Ivanti fixed this by preventing this attacker-supplied string from being accepted, replacing it with a single, hard-coded command. It also updated the Apache configuration rules to block unauthenticated access to the affected endpoint. The second critical Ivanti Sentry vulnerability is tracked as CVE-2026-10523, and is scarcely less serious, carrying a near-maximum 9.9 CVSS. The authentication bypass bug allows remote, unauthenticated attackers to create admin accounts, granting themselves top privileges on an affected system. Customers are advised to address both security flaws immediately. They can upgrade to versions 10.5.2, 10.6.2, or 10.7.1. Ivanti's disclosure this week comes after it fixed two separate critical vulnerabilities affecting its Endpoint Manager Mobile (EPMM) in January. The bugs were both handed 9.8 CVSS scores and were exploited as zero-days. Even the Dutch data protection authority reported itself to parliament after attackers breached it as part of the pre-patch exploits. ®