We previously discussed some whitespacing choices in a C++ codebase. Tim promised that there were more WTFs lurking in there, and has delivered one.

Let's start with this class constructor:

QBatch_arithExpr::QBatch_arithExpr(QBatch_unOp, const QBatch_snippet &, const QBatch_snippet &);

You'll notice that this takes a parameter of type QBatch_unOp. What is that type? Well, it's an enumerated type describing the kind of operation this arithExpr represents. That is to say, they're not using real inheritance, but instead switching on the QBatch_unOp value to decide which code branch to execute- hand-made, home-grown artisanal inheritance. And while there are legitimate reasons to avoid inheritance, this is a clear case of "is-a" relationships, and it would allow compile-time checking of how you combine your types.

Tim also points out the use of the "repugnant west const", which is maybe a strong way to word it, but definitely using only "east const" makes it a lot easier to understand what the const operator does. It's worth noting that in this example, the second parameters is a const reference (not a reference to a const value).

Now, they are using inheritance, just not in that specific case:

class QBatch_paramExpr : public QBatch_snippet {...};

There's nothing particularly wrong with this, but we're going to use this parameter expression in a moment.

QBatch_arithExpr* Foo(QBatch_snippet *expr) { // snip QBatch_arithExpr *derefExpr = new QBatch_arithExpr(enum_tag1, *(new QBatch_paramExpr(paramId))); assert(derefExpr); return new QBatch_arithExpr(enum_tag2, *expr, *derefExpr); }

Honestly, in C++ code, seeing a pile of "*" operators and raw pointers is a sign that something's gone wrong, and this is no exception.

Let's start with calling the QBatch_arithExpr constructor- we pass it *(new QBatch_paramExpr(paramId)), which is a multilayered "oof". First, the new operator will heap allocate and construct an object, and return a pointer to that object. We then dereference that pointer, and pass the value as a reference to the constructor. This is an automatic memory leak; because we never trap the pointer, we never have the opportunity to release that memory. Remember kids, in C/C++ you need clear ownership semantics and someone needs to be responsible for deallocating all of the allocated memory- every new needs a delete, in this case.

Now, new QBatch_arithExpr(...) will also return a pointer, which we put in derefExpr. We then assert on that pointer, confirming that it isn't null. Which… it can't be. A constructor may fail and throw an exception, but you'll never get a null (now, I'm sure a sufficiently motivated programmer can mix nothrow and -fno-exceptions to get constructors to return null, but that's not happening here, and shouldn't happen anywhere).

Then we dereference that pointer and pass it to QBatch_arithExpr- creating another memory leak. Two memory leaks in three lines of code, where one line is an assert, is fairly impressive.

Elsewhere in the code, shared_pointer objects are used, wit their names aliased to readable types, aka QBatch_arithExpr::Ptr, and if that pattern were followed here, the memory leaks would go away.

As Tim puts it: "Some folks never quite escaped their Java background," and in this case, I think it shows. Objects are allocated with new, but never deleted, as if there's some magical garbage collector which is going to find the unused objects and free them.

[Advertisement] BuildMaster allows you to create a self-service release management platform that allows different teams to manage their applications. Explore how!

An anonymous reader quotes a report from Ars Technica: On Tuesday, OpenAI unveiled a new "Responses API" designed to help software developers create AI agents that can perform tasks independently using the company's AI models. The Responses API will eventually replace the current Assistants API, which OpenAI plans to retire in the first half of 2026. With the new offering, users can develop custom AI agents that scan company files with a file search utility that rapidly checks company databases (with OpenAI promising not to train its models on these files) and navigate websites -- similar to functions available through OpenAI's Operator agent, whose underlying Computer-Using Agent (CUA) model developers can also access to enable automation of tasks like data entry and other operations. However, OpenAI acknowledges that its CUA model is not yet reliable for automating tasks on operating systems and can make unintended mistakes. The company describes the new API as an early iteration that it will continue to improve over time. Developers using the Responses API can access the same models that power ChatGPT Search: GPT-4o search and GPT-4o mini search. These models can browse the web to answer questions and cite sources in their responses. That's notable because OpenAI says the added web search ability dramatically improves the factual accuracy of its AI models. On OpenAI's SimpleQA benchmark, which aims to measure confabulation rate, GPT-4o search scored 90 percent, while GPT-4o mini search achieved 88 percent -- both substantially outperforming the larger GPT-4.5 model without search, which scored 63 percent. Despite these improvements, the technology still has significant limitations. Aside from issues with CUA properly navigating websites, the improved search capability doesn't completely solve the problem of AI confabulations, with GPT-4o search still making factual mistakes 10 percent of the time. Alongside the Responses API, OpenAI released the open source Agents SDK, providing developers free tools to integrate models with internal systems, implement safeguards, and monitor agent activities. This toolkit follows OpenAI's earlier release of Swarm, a framework for orchestrating multiple agents.

Read more of this story at Slashdot.

An anonymous reader quotes a report from TechCrunch: There's a power crunch looming as AI and cloud providers ramp up data center construction. But a new report suggests that a solution lies beneath their foundations. Advanced geothermal power could supply nearly two-thirds of new data center demand by 2030, according to an analysis by the Rhodium Group. The additions would quadruple the amount of geothermal power capacity in the U.S. -- from 4 gigawatts to about 16 gigawatts -- while costing the same or less than what data center operators pay today. In the western U.S., where geothermal resources are more plentiful, the technology could provide 100% of new data center demand. Phoenix, for example, could add 3.8 gigawatts of data center capacity without building a single new conventional power plant. Geothermal resources have enormous potential to provide consistent power. Historically, geothermal power plants have been limited to places where Earth's heat seeps close to the surface. But advanced geothermal techniques could unlock 90 gigawatts of clean power in the U.S. alone, according to the U.S. Department of Energy. [...] Because geothermal power has very low running costs, its price is competitive with data centers' energy costs today, the Rhodium report said. When data centers are sited similarly to how they are today, a process that typically takes into account proximity to fiber optics and major metro areas, geothermal power costs just over $75 per megawatt hour. But when developers account for geothermal potential in their siting, the costs drop significantly, down to around $50 per megawatt hour. The report assumes that new generating capacity would be "behind the meter," which is what experts call power plants that are hooked up directly to a customer, bypassing the grid. Wait times for new power plants to connect to the grid can stretch on for years. As a result, behind the meter arrangements have become more appealing for data center operators who are scrambling to build new capacity.

Read more of this story at Slashdot.

Sphere Entertainment Co, the company behind the Las Vegas Sphere, said they are considering opening scaled-down versions of the immersive venue in other cities. AV Magazine reports: While this has been been feasible for its high-profile residencies such as U2, the Eagles, Dead & Company and Anyma, smaller venues could attract a broader range of artists who might not have the budget or demand to fill the flagship Las Vegas location. By scaling down the size while retaining the signature technology, Sphere Entertainment Co can offer a similar spectacle at a more sustainable cost for artists and spectators. The possibility of mini-Spheres follows news that a full-scale venue will open in the UAE as a result of a partnership between Sphere Entertainment Co and the Department of Culture and Tourism -- Abu Dhabi. Beyond concerts, the Las Vegas Sphere has proven successful with immersive films such as V-U2: An Immersive Concert Film and the Sphere Expeience featuring Darren Aronofsky's Postcard from Earth, which In January passed 1,000 screenings. "As we enter a new fiscal year, we see significant opportunities to drive our Sphere business forward in Las Vegas and beyond," said Dolan. "We believe we are on a path toward realizing our vision for this next-generation medium and generating long-term shareholder value."

Read more of this story at Slashdot.

MojoKid writes: AMD just launched its latest flagship desktop processors, the Ryzen 9 9950X3D. Ryzen 9 9950X3D is a 16-core/32-thread, dual-CCD part with a base clock of 4.3GHz and a max boost clock of 5.7GHz. There's also 96MB of second-gen 3D V-Cache on board. Standard Ryzen 9000 series processors feature 32MB of L3 cache per compute die, but with the Ryzen 9 9950X3D, one compute die is outfitted with an additional 96MB of 3D V-Cache, bringing the total L3 up to 128MB (144MB total cache). The CCD outfitted with 3D V-Cache operates at more conservative voltages and frequencies, but the bare compute die is unencumbered. The Ryzen 9 9950X3D turns out to be a high-performance, no-compromise desktop processor. Its complement of 3D V-Cache provides tangible benefits in gaming, and AMD's continued work on the platform's firmware and driver software ensures that even with the Ryzen 9 9950X3D's asymmetrical CCD configuration, performance is strong across the board. At $699, it's not cheap but its a great CPU for gaming and content creation, and one of the most powerful standard desktop CPUs money can buy currently.

Read more of this story at Slashdot.

Microsoft is ending support of its Remote Desktop app for Windows on May 27th. From a report: If you use the Remote Desktop app to connect to Windows 365, Azure Virtual Desktop, or Microsoft Dev Box machines then you'll have to transition to the Windows app instead. The new Windows app, which launched in September, includes multimonitor support, dynamic display resolutions, and easy access to cloud PCs and virtual desktops. Microsoft says "connections to Windows 365, Azure Virtual Desktop, and Microsoft Dev Box via the Remote Desktop app from the Microsoft Store will be blocked after May 27th, 2025."

Read more of this story at Slashdot.

A new chapter has begun for two of the world's most popular preprint platforms, bioRxiv and medRxiv, with the launch of a non-profit organization that will manage them, their co-founders announced today. From a report: The servers allow researchers to share manuscripts for free before peer review and have become an integral part of publishing biology and medical research. Until now, they had been managed by Cold Spring Harbor Laboratory (CSHL) in New York. The new organization, named openRxiv, will have a board of directors and a scientific and medical advisory board. It is supported by a fresh US$16-million grant from the Chan Zuckerberg Initiative (CZI), the projects' main financial backer. "It's just exciting to see this key piece of infrastructure really get the attention that it deserves as a dedicated initiative," says Katie Corker, executive director of ASAPbio, a scientist-driven non-profit organization, which is based in San Francisco, California. Preprints are "the backbone of the scientific publishing ecosystem, maybe especially at the current moment, when there's a lot of worries about who has control of information." The launch of openRxiv "reflects a maturation of the projects," which started as an experiment at CSHL, says Richard Sever, a co-founder of both servers and chief science and strategy officer at openRxiv. It has "become so important that they should have their own organization running them, which is focused on the long-term sustainability of the servers, as opposed to being a side project within a big research institution," says Sever.

Read more of this story at Slashdot.

An anonymous reader quotes a report from the Washington Post: An Amazon-backed self-driving taxi failed to meet vehicle safety standardsbecause it lacks basics like a brake pedal and rearview mirrors, according to a report by federal inspectors that raises questions about the industry's plans to put a new generation of autonomous vehicles on U.S. roads. The National Highway Traffic Safety Administration report was produced as part of a review last year of an unusual vehicle by Amazon subsidiary Zoox that, without a steering wheel or other human controls, has no way for a person to drive. Zoox has asserted that the vehicle's technology, backed by artificial intelligence, complies with the agency's standards. But the NHTSA report documents "apparent noncompliances" with eight safety rules. The contents of the previously undisclosed review suggest that rules written when autonomous vehicles were the stuff of futuristic musings pose a legal impediment to the industry's ambitions, even as plans for self-driving vehicles accelerate. Zoox has a small pilot fleet on the roads in California and Nevada and says it has completed thousands of trips carrying employees and guests. It is finalizing plans to launch public service in Las Vegas this year. [...] By documenting the apparent noncompliances of the Zoox, NHTSA could be setting the table for a recall, under agency procedures. It is unclear whether the Trump administration will attempt a change in course. The agency said it remains in discussion with Zoox and was "considering all options." Zoox could have sought an exemption from the safety rules, but NHTSA has never granted one to an autonomous passenger vehicle. Instead, the company self-certified that its vehicle complied with the rules as it raced to be the first company to put a purpose-built robotaxi on the road and claim a share of what could become a multi trillion-dollar market. Zoox's vehicle bears little resemblance to a normal car. The plan is for customers to summon a ride using an app, much like a regular ride-hailing vehicle, getting in through bus-like doors and sitting facing one another. The vehicle navigates itself, seeing the world through a set of cameras and laser-based sensors. It largely relies on its own abilities to drive, but the company says teams of remote operators can seize control to help handle unusual situations. Passengers can call for assistance via a touch screen and open the doors using an emergency release. "We will continue to support transportation technology innovation while maintaining the safety of America's roads," NHTSA said in a statement. "Our recent discussions with NHTSA are about mirrors, windshield wipers, a defroster, and a foot-activated brake pedal -- equipment that makes sense for vehicles with human drivers, but not for the Zoox purpose-built robotaxi," Zoox said in a statement. "Our purpose-built design means that the robotaxi can never be operated by a human driver, and our AI driver doesn't rely on this equipment to view the world."

Read more of this story at Slashdot.

The Ballista botnet is actively exploiting a high-severity remote code execution flaw (CVE-2023-1389) in TP-Link Archer AX-21 routers, infecting over 6,000 devices primarily in Brazil, Poland, the UK, Bulgaria, and Turkey. Tom's Hardware reports: According to a new report from the Cato CTRL team, the Ballista botnet exploits a remote code execution vulnerability that directly impacts the TP-Link Archer AX-21 router. The botnet can lead to command injection which then makes remote code execution (RCE) possible so that the malware can spread itself across the internet automatically. This high severity security flaw (tracked as CVE-2023-1389) has also been used to spread other malware families as far back as April 2023 when it was used in the Mirai botnet malware attacks. The flaw also linked to the Condi and AndroxGh0st malware attacks. Ballista's most recent exploitation attempt was February 17, 2025 and Cato CTRL first detected it on January 10, 2025. Of the thousands of infected devices, the majority of them are concentrated in Brazil, Poland, the United Kingdom, Bulgaria and Turkey; with the botnet targeting manufacturing, medical/healthcare, services and technology organizations in the United States, Australia, China and Mexico.

Read more of this story at Slashdot.

Spain's government has approved legislation imposing substantial fines of up to 35 million euros or 7% of global turnover on companies that fail to clearly label AI-generated content. Reuters reports: The bill adopts guidelines from the European Union's landmark AI Act imposing strict transparency obligations on AI systems deemed to be high-risk, Digital Transformation Minister Oscar Lopez told reporters. "AI is a very powerful tool that can be used to improve our lives ... or to spread misinformation and attack democracy," he said. Spain is among the first EU countries to implement the bloc's rules, considered more comprehensive than the United States' system that largely relies on voluntary compliance and a patchwork of state regulations. Lopez added that everyone was susceptible to "deepfake" attacks - a term for videos, photographs or audios that have been edited or generated through AI algorithms but are presented as real. [...] The bill also bans other practices, such as the use of subliminal techniques - sounds and images that are imperceptible - to manipulate vulnerable groups. Lopez cited chatbots inciting people with addictions to gamble or toys encouraging children to perform dangerous challenges as examples. It would also prevent organizations from classifying people through their biometric data using AI, rating them based on their behavior or personal traits to grant them access to benefits or assess their risk of committing a crime. However, authorities would still be allowed to use real-time biometric surveillance in public spaces for national security reasons.

Read more of this story at Slashdot.

An anonymous reader quotes a report from The Register: Vodafone is warning staff in the UK to work onsite at least eight days a month or be subject to disciplinary action from April. Group UK employees were last week sent the "Hybrid Working at Vodafone" memo -- seen by The Register -- to highlight the policy and tell them to expect a year-end conversation with their line manager. "You will have read in Get Ready for Year-End Conversations and a Hybrid Working Reminder [documents] that your line manager may discuss hybrid working with you as part of your year-end conversation. "We therefore want to remind everyone of the Group UK Hybrid Working policy. It's essential that all employees adhere to the expectation of being in the office 2-3 times a week, or at least eight days a month," it states. "Employees who are not fully compliant with our hybrid working policy by the end of Q1 may be subject to disciplinary action in line with policy. Continued non-compliance with attendance expectations could result in a final written warning, which would mean individuals are not meeting the minimum performance standards and therefore would not be eligible for a bonus in 2026 or in subsequent years in which a final warning is given." Line managers can ask team members to attend the office on a specific day if reasonable notice is given and are advised to set team days to "help teach members to form a pattern." Vodafone has operated a hybrid work policy since 2021 "following the pandemic." "Vodafone's hybrid working policy has been in place since 2021, with all employees expected to be in the office 2-3 times a week, or at least eight days a month," said the company in a statement. "This allows flexibility for staff, and for them to benefit from in-office collaboration."

Read more of this story at Slashdot.

Southwest Airlines boasts that its passengers' "bags fly free" -- but not for long. From a report: Starting May 28 -- just in time for the busy summer travel season -- only Southwest's most elite Rapid Rewards A-List Preferred members and passengers who book their top-tier Business Select fares will receive two free checked bags. Frequent flyer A-List Members, Southwest-branded credit card holders and other select customers will be allowed one checked bag. Everyone else will be charged for their first and second checked bags on flights booked on or after May 28, the carrier says. It's a break with Southwest's 54 year history -- one that could undermine customer loyalty to the carrier, according to experts. "This is how you destroy a brand. This is how you destroy customer preference. This is how you destroy loyalty. And this, I think, is going to send Southwest into a financial tailspin," airline industry analyst Henry Harteveldt, of Atmosphere Research Group, told CBS News senior transportation correspondent Kris Van Cleave. "Southwest, with these changes, becomes just another airline."

Read more of this story at Slashdot.

Abstract of a paper published on Journal of Hospitality and Tourism Management:The adoption of digital menus accessed through quick response (QR) codes has witnessed a notable upsurge. Despite potential benefits for restaurant operators, the nuanced effects of QR code menus on customer behavior and experience remain relatively unknown. This research investigates the influence of menu presentation (QR code vs. traditional) on customer loyalty. In two studies, we find that QR code menus diminish customer loyalty (compared to traditional menus) due to perceived inconvenience. This effect is further moderated by customers' need for interaction. Our work is timely in highlighting the negative impact of perceptions of inconvenience on technology adoption.

Read more of this story at Slashdot.

Businesses, governments, and researchers continue to struggle with extracting usable data from PDF files, despite AI advances. These digital documents contain valuable information for everything from scientific research to government records, but their rigid formats make extraction difficult. "PDFs are a creature of a time when print layout was a big influence on publishing software," Derek Willis, a lecturer in Data and Computational Journalism at the University of Maryland, told ArsTechnica. This print-oriented design means many PDFs are essentially "pictures of information" requiring optical character recognition (OCR) technology. Traditional OCR systems have existed since the 1970s but struggle with complex layouts and poor-quality scans. New AI language models from companies like Google and Mistral now attempt to process documents more holistically, with varying success. "Right now, the clear leader is Google's Gemini 2.0 Flash Pro Experimental," Willis notes, while Mistral's recent OCR solution "performed poorly" in tests.

Read more of this story at Slashdot.

Nearly every country on Earth has dirtier air than doctors recommend breathing, a report has found. From a report: Only seven countries met the World Health Organization's guidelines for tiny toxic particles known as PM2.5 last year, according to analysis from the Swiss air quality technology company IQAir. Australia, New Zealand and Estonia were among the handful of countries with a yearly average of no more than 5ug of PM2.5 per cubic metre, along with Iceland and some small island states. The most polluted countries were Chad, Bangladesh, Pakistan, the Democratic Republic of the Congo and India. PM2.5 levels in all five countries were at least 10 times higher than guideline limits in 2024, the report found, stretching as much as 18 times higher than recommended levels in Chad. Doctors say there are no safe levels of PM2.5, which is small enough to slip into the bloodstream and damage organs throughout the body, but have estimated millions of lives could be saved each year by following their guidelines. Dirty air is the second-biggest risk factor for dying after high blood pressure.

Read more of this story at Slashdot.

An anonymous reader shares a report: The average American workday now concludes at 4:39 p.m., a notable 36 minutes earlier than it did just two years ago when the clock-out time hovered around 5:21 p.m, according to the latest data from the workforce analytics and productivity software company ActivTrak. The new report tracked the workplace behaviors of over 200,000 employees across 777 companies. Despite the shorter workday, the data suggests that overall productivity has increased by about 2%. Per ActivTrak, employees now engage in focused, 24-minute spurts of productivity. "I hope to see these numbers remain consistent year-over-year when it comes to workday span and productivity," said Gabriela Mauch, the head of ActivTrak's Productivity Lab. "These are healthy numbers. We've adapted to a traditional workday on average, while offering flexibility and fluidity in a way that meets employees where they are." Seasonal fluctuations are another notable factor, the report found. Workers tend to put in longer hours during August and December. The August increase aligns with employees returning from vacation and starting to scramble to meet end-of-year goals, Mauch said. It may be that organizations also see the month of December as another chance to catch up, she added.

Read more of this story at Slashdot.

A critical root certificate expiring on March 14, 2025 will disable extensions and potentially break DRM-dependent streaming services for Firefox users running outdated browsers. Users must update to at least Firefox 128 or ESR 115.13+ to maintain functionality across Windows, macOS, Linux, and Android platforms. The expiration additionally compromises security infrastructure, including blocklists for malicious add-ons, SSL certificate revocation lists, and password breach notifications. Even those on legacy operating systems (Windows 7/8/8.1, macOS 10.12â"10.14) must update to minimum ESR 115.13+.

Read more of this story at Slashdot.

The US's largest pension fund has classified more than $3 billion of holdings in oil drillers, coal miners, and other major greenhouse gas producers as climate-friendly investments, according to a new analysis of public records. From a report: Stakes in Saudi Aramco, Chevron Corp. and Chinese coal company Inner Mongolia Dian Tou Energy are among the holdings that California Public Employees' Retirement System labeled as "climate solutions." The findings are part of a report from California Common Good, a coalition of environmental advocates and public sector unions. The group, which has called for Calpers to divest from major oil and gas companies, is staging protests Tuesday at Chevron's San Francisco Bay Area refinery and in the burn zone of the Eaton fire near Los Angeles.

Read more of this story at Slashdot.

SpaceX's Starlink has secured its first agreement in India, partnering with telecommunications leader Bharti Airtel to bring high-speed satellite internet to the world's most populous country, the companies announced Tuesday [PDF]. The landmark deal will enable Starlink to tap into Airtel's extensive retail network and ground infrastructure while expanding its global reach into previously underserved regions across India, pending regulatory authorizations. "We are excited to work with Airtel and unlock the transformative impact Starlink can bring to the people of India," said Gwynne Shotwell, President and Chief Operating Officer of SpaceX. "The team at Airtel has played a pivotal role in India's telecom story, so working with them to complement our direct offering makes great sense for our business." The collaboration will explore selling Starlink equipment through Airtel's retail stores and offering services to business customers while connecting communities in rural areas with limited connectivity.

Read more of this story at Slashdot.

An anonymous reader quotes a report from the BBC: A former senior Facebook executive has told the BBC how the social media giant worked "hand in glove" with the Chinese government on potential ways of allowing Beijing to censor and control content in China. Sarah Wynn-Williams -- a former global public policy director -- says in return for gaining access to the Chinese market of hundreds of millions of users, Facebook's founder, Mark Zuckerberg, considered agreeing to hiding posts that were going viral, until they could be checked by the Chinese authorities. Ms Williams -- who makes the claims in a new book -- has also filed a whistleblower complaint with the US markets regulator, the Securities and Exchange Commission (SEC), alleging Meta misled investors. The BBC has reviewed the complaint. Facebook's parent company Meta, says Ms Wynn-Williams had her employment terminated in 2017 "for poor performance." It is "no secret we were once interested" in operating services in China, it adds. "We ultimately opted not to go through with the ideas we'd explored." Meta referred us to Mark Zuckerberg's comments from 2019, when he said: "We could never come to agreement on what it would take for us to operate there, and they [China] never let us in." Facebook also used algorithms to spot when young teenagers were feeling vulnerable as part of research aimed at advertisers, Ms Wynn-Williams alleges. A former New Zealand diplomat, she joined Facebook in 2011, and says she watched the company grow from "a front row seat." Now she wants to show some of the "decision-making and moral compromises" that she says went on when she was there. It is a critical moment, she adds, as "many of the people I worked with... are going to be central" to the introduction of AI. In her memoir, Careless People, Ms Wynn-Williams paints a picture of what she alleges working on Facebook's senior team was like.

Read more of this story at Slashdot.