An anonymous reader quotes a report from the Guardian: Authorities in Denmark are urgently studying how to close an apparent security loophole in hundreds of Chinese-made electric buses that enables them to be remotely deactivated. The investigation comes after transport authorities in Norway, where the Yutong buses are also in service, found that the Chinese supplier had remote access for software updates and diagnostics to the vehicles' control systems -- which could be exploited to affect buses while in transit. Amid concerns over potential security risks, the Norwegian public transport authority Ruter decided to test two electric buses in an isolated environment. Bernt Reitan Jenssen, Ruter's chief executive, said: "The testing revealed risks that we are now taking measures against. National and local authorities have been informed and must assist with additional measures at a national level." Their investigations found that remote deactivation could be prevented by removing the buses' sim cards, but they decided against this because it would also disconnect the bus from other systems. Ruter said it planned to bring in stricter security requirements for future procurements. Jenssen said it must act before the arrival of the next generation of buses, which could be even "more integrated and harder to secure." Movia, Denmark's largest public transport company, has 469 Chinese electric buses in operation -- 262 of which were manufactured by Yutong. Jeppe Gaard, Movia's chief operating officer, said he was made aware of the loophole last week. "This is not a Chinese bus problem," he said. "It is a problem for all types of vehicles and devices with Chinese electronics built in."

Read more of this story at Slashdot.

An anonymous reader shares a report: T-Mobile is opening up access to its Starlink-powered emergency texting service. The carrier announced on Wednesday that anyone with a compatible phone -- even AT&T and Verizon customers -- can sign up to text 911 over satellite for free. In July, T-Mobile launched its "T-Satellite" service to customers across the US for $10 per month, allowing both T-Mobile and non-T-Mobile customers to send messages, share their location, and access select apps over satellite. This service also includes texts to 911, but now, that's available for free.

Read more of this story at Slashdot.

An anonymous reader shares a report: The Microsoft Store on the web now lets you create a multi-app install package on Windows 11 that installs multiple applications from a single installer. This means you can now install multiple apps simultaneously without having to download each one manually. The experience is similar to that of the third-party app Ninite, a package manager that lets you install multiple apps at once.

Read more of this story at Slashdot.

Nothing has announced that it will allow users to delete Facebook, Instagram and other Meta services from its mid-range and entry-level phones after users objected to the company's decision to pre-install these apps. The update will arrive by the end of November for devices running the Android 16-based OS 4.0 on the Phone (3a) series. Nothing said it will continue to pre-install partner apps on non-flagship devices in most regions. Devices in the United Kingdom, European Union and Japan will also come with TikTok installed by default. The company defended the practice by saying most users rely on these apps and that pre-installing them allows faster cold starts. Carl Pei's company blamed razor-thin margins on mid-range devices for the decision to bundle third-party software. Nothing did not address whether users can uninstall the service that powers newly introduced lock screen advertisements, which the company previously described as disabled by default and standard across the industry.

Read more of this story at Slashdot.

Solar geoengineering could increase the ferocity of North Atlantic hurricanes, cause the Amazon rainforest to die back and cause drought in parts of Africa if deployed above only some parts of the planet by rogue actors, a report has warned. The Guardian: However, if technology to block the sun was used globally and in a coordinated way for a long period -- decades or even centuries -- there is strong evidence that it would lower the global temperature, the review from the UK's Royal Society concluded. The world is failing to halt the climate crisis and the researchers said that in future, a judgment might need to be made between the risks of geoengineering and the those of continued global heating, which is already costing lives and livelihoods. The logistics of a large-scale geoengineering effort would be daunting, the experts said, but the cost would be small relative to climate action -- billions of dollars a year against trillions. The researchers emphasised that geoengineering only masked the symptoms of the climate crisis, and did not tackle the root cause -- the burning of fossil fuels. Geoengineering could only complement the cutting of emissions, not replace it, they said. If geoengineering was halted abruptly but emissions had not been reduced, there would be a termination shock of rapidly rising temperatures -- 1-2C within a couple of decades -- that would have severe effects on people and ecosystems unable to rapidly adapt.

Read more of this story at Slashdot.

Financial Times: Deutsche Bank is exploring ways to hedge its exposure to data centres after extending billions of dollars in debt to the sector to keep up with demand for artificial intelligence and cloud computing. Executives inside the bank have discussed ways to manage its exposure to the booming industry as so-called hyperscalers pour hundreds of billions of dollars into building infrastructure for their AI needs that is increasingly funded by debt. The German lender is looking at options including shorting a basket of AI-related stocks that would help mitigate downside risk by betting against companies in the sector. It is also considering buying default protection on some of the debt using derivatives through a transaction known as synthetic risk transfer (SRT). Deutsche's investment banking business has "bet big" on data centre financing, according to one senior executive. However, the scale of expenditure on AI infrastructure has prompted concerns that a bubble is forming with some likening the enthusiasm to that which preceded the dotcom crash. Sceptics have pointed out that billions of dollars have been deployed in an untested industry with assets that quickly depreciate in value due to the rapid change in technology.

Read more of this story at Slashdot.

The Chinese government has issued guidance requiring new data centre projects that have received any state funds to only use domestically-made AI chips, Reuters reported Wednesday, citing sources familiar with the matter. From the report: In recent weeks, Chinese regulatory authorities have ordered such data centres that are less than 30% complete to remove all installed foreign chips, or cancel plans to purchase them, while projects in a more advanced stage will be decided on a case-by-case basis, the sources said. The move could represent one of China's most aggressive steps yet to eliminate foreign technology from its critical infrastructure amid a pause in trade hostilities between Washington and Beijing, and achieve its quest for AI chip self-sufficiency. China's access to advanced AI chips, including those made by Nvidia, has been a key point of friction with the U.S., as the two wrestle for dominance in high-end computing power and AI. U.S. President Donald Trump said in an interview aired on Sunday following talks with Chinese President Xi Jinping last week that Washington will "let them deal with Nvidia but not in terms of the most advanced" chips.

Read more of this story at Slashdot.

Epic Games and Google have agreed to settle their long-running antitrust lawsuit. The settlement converts Judge James Donato's United States-only injunction into a global agreement extending through June 2032. Google will reduce its standard app store fees to either 20% or 9% depending on the transaction type. The company will also create a program in the next major Android release allowing alternative app stores to register and become what Google calls first-class citizens. Users will be able to install these registered app stores from a website with a single click using neutral language. The settlement addresses Epic's concerns about friction and scare screens that discouraged sideloading. Google will charge a 5% fee for transactions using Google Play Billing, separate from its service fee. Alternative payment options must be shown alongside Google Play Billing.

Read more of this story at Slashdot.

An anonymous reader shares a report: Kodak quietly acknowledged this week that it will begin selling two famous types of film stock -- Kodak Gold 200 and Kodak Ultramax 400 -- directly to retailers and distributors in the U.S., another indication that the historic company is taking back control over how people buy its film. The release comes on the heels of Kodak announcing that it would make and sell two new stocks of film called Kodacolor 100 and Kodacolor 200 in October. On Monday, both Kodak Gold and Kodak Ultramax showed back up on Kodak's website as film stocks that it makes and sells. When asked by 404 Media, a company spokesperson said that it has "launched" these film stocks and will begin to "sell the films directly to distributors in the U.S. and Canada, giving Kodak greater control over our participation in the consumer film market."

Read more of this story at Slashdot.

An anonymous reader shares a report: The world should watch out for three possible bubbles in financial markets, including AI, the head of the World Economic Forum said on Wednesday, in comments that came amid sharp falls in global technology stocks. Brokers and analysts say the falls are a cause for caution but not panic as markets have been touching record highs and some valuations are looking overblown. "We could possibly see bubbles moving forward. One is a crypto bubble, second an AI bubble, and the third would be a debt bubble," WEF president Borge Brende told reporters during a visit to Brazil's financial hub, Sao Paolo.

Read more of this story at Slashdot.

Europe's self-driving car industry has fallen far behind the United States and China. Self-driving taxis developed by Tesla and Waymo have become commonplace in several American cities. Waymo overtook Lyft's market share in San Francisco in June. China operates a thriving robotaxi industry led by Baidu, WeRide and Pony AI. Europe has no established player and runs pilot projects in only a handful of cities. The most promising is Volkswagen-backed Moia in Germany. Markus Villig, chief executive of Estonian ride-hailing company Bolt Technology, told Brussels officials in mid-October that Europeans will move about their cities in American robotaxis by 2030 unless the European Commission acts quickly. He called for investment, regulatory clarity and restrictions on foreign competitors. Traffic laws governing self-driving tests vary at national and city levels across Europe. Commission President Ursula von der Leyen delivered a speech in Turin about AI adoption days before Villig's visit. Last week, Henna Virkkunen, the commission's technology chief, gathered carmakers and technologists to create a harmonized framework for self-driving cars. Waymo announced plans to provide driverless rides in the United Kingdom starting in 2026.

Read more of this story at Slashdot.

Brazil is set to announce Thursday the establishment of a multibillion-dollar fund designed to pay countries to keep their tropical forests standing. The Tropical Forest Forever Facility would deliver $4 billion per year to as many as 74 countries that maintain their forest cover. The fund requires $25 billion from governments and philanthropies to begin operations. Private investors would contribute the remaining $100 billion. Brazil has committed $1 billion. Countries would receive around $4 per hectare of standing forest after using satellite imagery to verify forests remain in place. Nations with annual deforestation rates above 0.5% are ineligible for payouts. Indonesia, which has rapidly lost forests to palm-oil cultivation and mining, cannot participate. One-fifth of the payments are designated for forest communities. The World Bank is managing the fund.

Read more of this story at Slashdot.

DRAM contract prices surged 171.8% year-over-year as of the third quarter of 2025. The increase now exceeds the rate at which gold prices have climbed. ADATA chairman Chen Libai stated that the fourth quarter of 2025 will mark the beginning of a major DRAM bull market. He expects severe shortages to materialize in 2026. Memory manufacturers have shifted production priorities toward datacenter-focused memory types like RDIMM and HBM. Consumer DDR5 production has declined as a result. A Corsair Vengeance RGB dual-channel DDR5 kit that sold for $91 dollars in July now costs a $183 dollars on Newegg. The pricing trend extends to NAND flash and hard drives. Analysts project the increases will persist for at least four years, matching the duration of supply contracts that some companies have signed with Samsung and SK Hynix.

Read more of this story at Slashdot.

President Trump has re-nominated tech billionaire and private astronaut Jared Isaacman to lead NASA, reversing his earlier withdrawal over concerns about Isaacman's political affiliations. CBS News reports: Mr. Trump nominated Isaacman to the Senate-confirmed post last year, but announced in late May he had decided to withdraw Isaacman after a "thorough review" of his "prior associations." Weeks after the withdrawal, the president went further in expressing his concerns about Isaacman's credentials. At the time, Mr. Trump acknowledged that he thought Isaacman "was very good," but had been "surprised to learn" that Isaacman was a "blue-blooded Democrat, who had never contributed to a Republican before." [...] Mr. Trump made no mention of his previous decision to nominate and then withdraw Isaacman in his Tuesday evening announcement of the re-nomination on his Truth Social platform. "This evening, I am pleased to nominate Jared Isaacman, an accomplished business leader, philanthropist, pilot, and astronaut, as Administrator of NASA," Trump posted. "Jared's passion for Space, astronaut experience, and dedication to pushing the boundaries of exploration, unlocking the mysteries of the universe, and advancing the new Space economy, make him ideally suited to lead NASA into a bold new Era."

Read more of this story at Slashdot.

Longtime Slashdot reader hackingbear writes: South China Morning Post, citing Chinese state media, reported that an experimental reactor developed in the Gobi Desert by the Chinese Academy of Sciences' Shanghai Institute of Applied Physics has achieved thorium-to-uranium fuel conversion, paving the way for an almost endless supply of nuclear energy. It is the first time in the world that scientists have been able to acquire experimental data on thorium operations from inside a molten salt reactor according to a report by Science and Technology Daily. Thorium is much more abundant and accessible than uranium and has enormous energy potential. One mine tailings site in Inner Mongolia is estimated to hold enough of the element to power China entirely for more than 1,000 years. At the heart of the breakthrough is a process known as in-core thorium-to-uranium conversion that transforms naturally occurring thorium-232 into uranium-233 -- a fissile isotope capable of sustaining nuclear chain reactions within the reactor itself. Thorium (Th-232) is not itself fissile and so is not directly usable in a thermal neutron reactor. Thorium fuels therefore need a fissile material as a 'driver' so that a chain reaction (and thus supply of surplus neutrons) can be maintained. The only fissile driver options are U-233, U-235 or Pu-239. (None of these are easy to supply.) In the 1960s, the Oak Ridge National Laboratory (USA) designed and built a demonstration MSR using U-233, derived externally from thorium as the main fissile driver.

Read more of this story at Slashdot.

Dotan was digging through vendor supplied documentation to understand how to use an API. To his delight, he found a specific function which solved exactly the problem he had, complete with examples of how it was to be used. Fantastic!

He copied one of the examples, and hit compile, and reviewed the list of errors. Mostly, the errors were around "the function you're calling doesn't exist". He went back to the documentation, checked it, went back to the code, didn't find any mistakes, and scratched his head.

Now, it's worth noting the route Dotan took to find the function. He navigated there from a different documentation page, which sent him to an anchor in the middle of a larger documentation page- vendorsite.com/docs/product/specific-api#specific-function.

This meant that as the page loaded, his browser scrolled directly down to the specific-function section of the page. Thus, Dotan missed the gigantic banner at the top of the page for that API, which said this:

/!\ NOTE /!\ NOTE /!\ NOTE /!\ NOTE /!\ NOTE /!\ NOTE /!\ NOTE /!
This doc was written to help flesh out a user API. The features described here are all hypothetical and do not actually exist yet, don't assume anything you see on this page works in any version /!\ NOTE /!\ NOTE /!\ NOTE /!\ NOTE /!\ NOTE /!\ NOTE /!\ NOTE /!\

On one hand, I think providing this kind of documentation is invaluable, both to your end users and for your own development team. It's a great roadmap, a "documentation driven development" process. And I can see that they made an attempt to be extremely clear about it being incomplete and unimplemented- but they didn't think about how people actually used their documentation site. A banner at the top of the page only works if you read the page from top to bottom, but documentation pages you will frequently skip to specific sections of the page.

But there was a deeper issue with the way this particular approach was executed: while the page announced that one shouldn't assume anything works, many of the functions on the page did work. Many did not. There was no rhyme or reason, to version information or other indicators to help a developer understand what was and was not actually implemented.

So while the idea of a documentation-oriented roadmap specifying features that are coming is good, the execution here verged into WTF territory. It was a roadmap, but with all the landmarks erased, so you had no idea where you actually were along the length of that road. And the one warning sign that would help you was hidden behind a bush.

Dotan asks: "WTF is that page doing on the official documentation wiki?"

And I'd say, I understand why it's there, but boy it should have been more clear about what it actually was.

[Advertisement] Keep the plebs out of prod. Restrict NuGet feed privileges with ProGet. Learn more.

An anonymous reader quotes a report from Ars Technica: Although Google DeepMind's Weather Lab only started releasing cyclone track forecasts in June, the company's AI forecasting service performed exceptionally well. By contrast, the Global Forecast System model, operated by the US National Weather Service and is based on traditional physics and runs on powerful supercomputers, performed abysmally. The official data comparing forecast model performance will not be published by the National Hurricane Center for a few months. However, Brian McNoldy, a senior researcher at the University of Miami, has already done some preliminary number crunching. The results are stunning: A little help in reading the graphic is in order. This chart sums up the track forecast accuracy for all 13 named storms in the Atlantic Basin this season, measuring the mean position error at various hours in the forecast, from 0 to 120 hours (five days). On this chart, the lower a line is, the better a model has performed. The dotted black line shows the average forecast error for official forecasts from the 2022 to 2024 seasons. What jumps out is that the United States' premier global model, the GFS (denoted here as AVNI), is by far the worst-performing model. Meanwhile, at the bottom of the chart, in maroon, is the Google DeepMind model (GDMI), performing the best at nearly all forecast hours. The difference in errors between the US GFS model and Google's DeepMind is remarkable. At five days, the Google forecast had an error of 165 nautical miles compared to 360 nautical miles for the GFS model, more than twice as bad. This is the kind of error that causes forecasters to completely disregard one model in favor of another. But there's more. Google's model was so good that it regularly beat the official forecast from the National Hurricane Center (OFCL), which is produced by human experts looking at a broad array of model data. The AI-based model also beat highly regarded "consensus models," including the TVCN and HCCA products. For more information on various models and their designations, see here.

Read more of this story at Slashdot.

Google has delisted over 749 million URLs from Anna's Archive, a shadow library and meta-search engine for pirated books, representing 5% of all copyright takedown requests ever filed with the company. TorrentFreak reports: Google's transparency report reveals that rightsholders asked Google to remove 784 million URLs, divided over the three main Anna's Archive domains. A small number were rejected, mainly because Google didn't index the reported links, resulting in 749 million confirmed removals. The comparison to sites such as The Pirate Bay isn't fair, as Anna's Archive has many more pages in its archive and uses multiple country-specific subdomains. This means that there's simply more content to take down. That said, in terms of takedown activity, the site's three domain names clearly dwarf all pirate competition. Since Google published its first transparency report in May 2012, rightsholders have flagged 15.1 billion allegedly infringing URLs. That's a staggering number, but the fact that 5% of the total targeted Anna's Archive URLs is remarkable. Penguin Random House and John Wiley & Sons are the most active publishers targeting the site, but they are certainly not alone. According to Google data, more than 1,000 authors or publishers have sent DMCA notices targeting Anna's Archive domains. Yet, there appears to be no end in sight. Rightsholders are reporting roughly 10 million new URLs per week for the popular piracy library, so there is no shortage of content to report.

Read more of this story at Slashdot.

Apple has officially launched a web-based version of its App Store that lets users browse apps across all Apple devices through a redesigned interface. "There's no way to download apps from the App Store on the web, however," notes The Verge. "Apple just gives you the option to share an app or open it directly inside the App Store installed on your device." From the report: Now, when you navigate to apps.apple.com, you'll see the revamped interface instead of a webpage that just contains information about the App Store. [...] Along with the ability to switch between listings of apps for the iPhone, iPad, Mac, Vision Pro, Apple Watch, and Apple TV, you can check out recommendations on the Today tab as well as sort apps by category, such as productivity, entertainment, adventure, and more. The new web-based App Store also serves as a portal where you can search for apps, too.

Read more of this story at Slashdot.

A massive cyberattack on Swedish IT supplier Miljodata exposed personal data from up to 1.5 million citizens, prompting a national privacy investigation and scrutiny into security failures across multiple municipalities. BleepingComputer reports: MiljÃdata is an IT systems supplier for roughly 80% of Sweden's municipalities. The company disclosed the incident on August 25, saying that the attackers stole data and demanded 1.5 Bitcoin to not leak it. The attack caused operational disruptions that affected citizens in multiple regions in the country, including Halland, Gotland, Skelleftea, Kalmar, Karlstad, and Monsteras. Because of the large impact, the state monitored the situation from the time of disclosure, with CERT-SE and the police starting to investigate immediately. According to IMY, the attacker exposed on the dark web data that corresponds to 1.5 million people in the country, creating the basis for investigating potential General Data Protection Regulation (GDPR) violations. [...] Although no ransomware groups had claimed the attack when Miljodata disclosed the incident, BleepingComputer found that the threat group Datacarry posted the stolen data on its dark web portal on September 13. The leaked database has been added to Have I Been Pwned, which contains information such as names, email addresses, physical addresses, phone numbers, government IDs, and dates of birth.

Read more of this story at Slashdot.