An anonymous reader shares a report: German banks blocked PayPal payments totalling more than 10 billion euros ($11.7 billion) over fraud concerns, the Sueddeutsche Zeitung newspaper reported on Wednesday, without specifying its sources. The payments were halted on Monday after lenders flagged millions of suspicious direct debits from PayPal that appeared last week, the newspaper said. Asked to comment on the report, a PayPal spokesperson said a temporary service interruption had affected "certain transactions from our banking partners and potentially their customers", but that the issue had now been resolved.

Read more of this story at Slashdot.

A U.S.-China research team has developed the world's first one-step process to convert mixed plastic waste into gasoline and hydrochloric acid with up to 95-99% efficiency, all at room temperature and ambient pressure. InterestingEngineering reports: As the authors put it, "The method supports a circular economy by converting diverse plastic waste into valuable products in a single step." To carry out the conversion, the team combines plastic waste with light isoalkanes, hydrocarbon byproducts available from refinery processes. According to the paper, the process yields "gasoline range" hydrocarbons, mainly molecules with six to 12 carbons, which are the primary component of gasoline. The recovered hydrochloric acid can be safely neutralized and reused as a raw material, potentially displacing several high-temperature, energy-intensive production routes described in the paper. "We present here a strategy for upgrading discarded PVC into chlorine-free fuel range hydrocarbons and [hydrochloric acid] in a single-stage process," the researchers said. Reported conversion efficiencies underscore the potential for real-world use. At 86 degrees Fahrenheit (30 degrees Celsius), the process reached 95 percent conversion for soft PVC pipes and 99 percent for rigid PVC pipes and PVC wires. In tests that mixed PVC materials with polyolefin waste, the method achieved a 96 percent solid conversion efficiency at 80 degrees Celsius (176 degrees Fahrenheit). The team describes the approach as applicable beyond laboratory-clean samples. "The process is suitable for handling real-world mixed and contaminated PVC and polyolefin waste streams," the paper states. SCMP points to an ECNU social media post citing the study, which characterized the achievement as a first, efficiently converting difficult-to-degrade mixed plastic waste into premium petrol at ambient temperature and pressure in a single step.

Read more of this story at Slashdot.

Japan has launched its first entirely homegrown quantum computer, built with domestic superconducting qubits and components, and running on the country's own open-source software toolchain, OQTOPUS. "The system is now ready to take on workloads from its base at the University of Osaka's Center for Quantum Information and Quantum Biology (QIQB)," reports LiveScience. From the report: The system uses a quantum chip with superconducting qubits -- quantum bits derived from metals that exhibit zero electrical resistance when cooled to temperatures close to absolute zero (minus 459.67 degrees Fahrenheit, or minus 273.15 degrees Celsius). The quantum processing unit (QPU) was developed at the Japanese research institute RIKEN. Other components that make up the "chandelier" -- the main body of the quantum computer -- include the chip package, delivered by Seiken, the magnetic shield, infrared filters, bandpass filters, a low-noise amplifier and various cables. These are all housed in a dilution refrigerator (a specialized cryogenic device that cools the quantum computing components) to allow for those extremely low temperatures. It also comes alongside a pulse tube refrigerator (which again cools various components in use), controllers and a low-noise power source. OQTOPUS, meanwhile, is a collection of open-source tools that include everything required to run quantum programs. It includes the core engine and cloud module, as well as graphical user interface (GUI) elements, and is designed to be built on top of a QPU and quantum control hardware.

Read more of this story at Slashdot.

Optional types are an attempt to patch the "billion dollar mistake". When you don't know if you have a value or not, you wrap it in an Optional, which ensures that there is a value (the Optional itself), thus avoiding null reference exceptions. Then you can query the Optional to see if there is a real value or not.

This is all fine and good, and can cut down on some bugs. Good implementations are loaded with convenience methods which make it easy to work on the optionals.

But then, you get code like Burgers found. Which just leaves us scratching our heads:

private static final Optional<Boolean> TRUE = Optional.of(Boolean.TRUE); private static final Optional<Boolean> FALSE = Optional.of(Boolean.FALSE);

Look, any time you're making constants for TRUE or FALSE, something has gone wrong, and yes, I'm including pre-1999 versions of C in this. It's especially telling when you do it in a language that already has such constants, though- at its core- these lines are saying TRUE = TRUE. Yes, we're wrapping the whole thing in an Optional here, which potentially is useful, but if it is useful, something else has gone wrong.

Burgers works for a large insurance company, and writes this about the code:

I was trying to track down a certain piece of code in a Spring web API application when I noticed something curious. It looked like there was a chunk of code implementing an application-specific request filter in business logic, totally ignoring the filter functions offered by the framework itself and while it was not related to the task I was working on, I followed the filter apply call to its declaration. While I cannot supply the entire custom request filter implementation, take these two static declarations as a demonstration of how awful the rest of the class is.

Ah, of course- deep down, someone saw a perfectly functional wheel and said, "I could make one of those myself!" and these lines are representative of the result.

[Advertisement] Keep all your packages and Docker containers in one place, scan for vulnerabilities, and control who can access different feeds. ProGet installs in minutes and has a powerful free version with a lot of great features that you can upgrade when ready.Learn more.

An anonymous reader quotes a report from TechCrunch: SpaceX has long marketed Starship as a fully and rapidly reusable rocket that's designed to deliver thousands of pounds of cargo to Mars and make life multiplanetary. But reusability at scale means a space vehicle that can tolerate mishaps and faults, so that a single failure doesn't spell a mission-ending catastrophe. The 10th test flight on Tuesday evening demonstrated SpaceX's focus on fault tolerance. In a post-flight update, SpaceX said the test stressed "the limits of vehicle capabilities." Understanding these edges will be critical for the company's plans to eventually use Starship to launch Starlink satellites, commercial payloads, and eventually astronauts. When the massive Starship rocket lifted off on its 10th test flight Tuesday evening, SpaceX did more than achieve new milestones. It purposefully introduced several faults to test the heat shield, propulsion redundancy, and the relighting of its Raptor engine. The heat shield is among the toughest engineering challenges facing SpaceX. As Elon Musk acknowledged on X in May 2024, a reusable orbital return heat shield is the "biggest remaining problem" to 100% rocket reusability. The belly of the upper stage, also called Starship, is covered in thousands of hexagonal ceramic and metallic tiles, which make up the heat shield. Flight 10 was all about learning how much damage the ship can accept and survive when it goes through atmospheric heating. During the tenth test, engineers intentionally removed tiles from some sections of the ship, and experimented with a new type of actively cooled tile, to gather real-world data and refine designs. [...] Propulsion redundancy was also put to the test. The Super Heavy booster's landing burn configuration appeared to be a rehearsal for engine failure. Engineers intentionally disabled one of the three center Raptor engines during the final phase of the burn and used a backup engine in its place. That was a successful rehearsal for an engine-out event. Finally, SpaceX reported the in-space relight of a Raptor engine, described on the launch broadcast as the second time SpaceX has pulled this off. Reliable engine restarts will be necessary for deep-space missions, propellant transfers, and possibly some payload deployment missions. [...] The next step is translating Flight 10 data into future hardware upgrades to move closer to routine operations and days when, as Musk envisioned, "Starship launches more than 24 times in 24 hours."

Read more of this story at Slashdot.

samleecole shares a report from 404 Media: An app developer has jailbroken Echelon exercise bikes to restore functionality that the company put behind a paywall last month, but copyright laws prevent him from being allowed to legally release it. Last month, Peloton competitor Echelon pushed a firmware update to its exercise equipment that forces its machines to connect to the company's servers in order to work properly. Echelon was popular in part because it was possible to connect Echelon bikes, treadmills, and rowing machines to free or cheap third-party apps and collect information like pedaling power, distance traveled, and other basic functionality that one might want from a piece of exercise equipment. With the new firmware update, the machines work only with constant internet access and getting anything beyond extremely basic functionality requires an Echelon subscription, which can cost hundreds of dollars a year. App engineer Ricky Witherspoon, who makes an app called SyncSpin that used to work with Echelon bikes, told 404 Media that he successfully restored offline functionality to Echelon equipment and won the Fulu Foundation bounty. But he and the foundation said that he cannot open source or release it because doing so would run afoul of Section 1201 of the Digital Millennium Copyright Act, the wide-ranging copyright law that in part governs reverse engineering. There are various exemptions to Section 1201, but most of them allow for jailbreaks like the one Witherspoon developed to only be used for personal use. [...] "I don't feel like going down a legal rabbit hole, so for now it's just about spreading awareness that this is possible, and that there's another example of egregious behavior from a company like this [...] if one day releasing this was made legal, I would absolutely open source this. I can legally talk about how I did this to a certain degree, and if someone else wants to do this, they can open source it if they want to."

Read more of this story at Slashdot.

Nevada has been crippled by a cyberattack that began on August 24, taking down state websites, intermittently disabling phone lines, and forcing offices like the DMV to close. The Register reports: The Office of Governor Joseph Lombardo announced the attack via social media on Monday, saying that a "network security incident" took hold in the early hours of August 24. Official state websites remain unavailable, and Lombardo's office warned that phone lines will be intermittently down, although emergency services lines remain operational. State offices are also closed until further notice, including Department of Motor Vehicles (DMV) buildings. The state said any missed appointments will be honored on a walk-in basis. "The Office of the Governor and Governor's Technology Office (GTO) are working continuously with state, local, tribal, and federal partners to restore services safely," the announcement read. "GTO is using temporary routing and operational workarounds to maintain public access where it is feasible. Additionally, GTO is validating systems before returning them to normal operation and sharing updates as needed." Local media outlets are reporting that, further to the original announcement, state offices will remain closed on Tuesday after officials previously expected them to reopen. The state's new cybersecurity office says there is currently no evidence to suggest that any Nevadans' personal information was compromised during the attack.

Read more of this story at Slashdot.

A widely used Node.js utility called fast-glob, relied on by thousands of projectsâ"including over 30 U.S. Department of Defense systems -- is maintained solely by a Russian developer linked to Yandex. While there's no evidence of malicious activity, cybersecurity experts warn that the lack of oversight in such critical open-source projects leaves them vulnerable to potential exploitation by state-backed actors. The Register reports: US cybersecurity firm Hunted Labs reported the revelations on Wednesday. The utility in question is fast-glob, which is used to find files and folders that match specific patterns. Its maintainer goes by the handle "mrmlnc", and the Github profile associated with that handle identifies its owner as a Yandex developer named Denis Malinochkin living in a suburb of Moscow. A website associated with that handle also identifies its owner as the same person, as Hunted Labs pointed out. Hunted Labs told us that it didn't speak to Malinochkin prior to publication of its report today, and that it found no ties between him and any threat actor. According to Hunted Labs, fast-glob is downloaded more than 79 million times a week and is currently used by more than 5,000 public projects in addition to the DoD systems and Node.js container images that include it. That's not to mention private projects that might use it, meaning that the actual number of at-risk projects could be far greater. While fast-glob has no known CVEs, the utility has deep access to systems that use it, potentially giving Russia a number of attack vectors to exploit. Fast-glob could attack filesystems directly to expose and steal info, launch a DoS or glob-injection attack, include a kill switch to stop downstream software from functioning properly, or inject additional malware, a list Hunted Labs said is hardly exhaustive. [...] Hunted Labs cofounder Haden Smith told The Register that the ties are cause for concern. "Every piece of code written by Russians isn't automatically suspect, but popular packages with no external oversight are ripe for the taking by state or state-backed actors looking to further their aims," Smith told us in an email. "As a whole, the open source community should be paying more attention to this risk and mitigating it." [...] Hunted Labs said that the simplest solution for the thousands of projects using fast-glob would be for Malinochkin to add additional maintainers and enhance project oversight, as the only other alternative would be for anyone using it to find a suitable replacement. "Open source software doesn't need a CVE to be dangerous," Hunted Labs said of the matter. "It only needs access, obscurity, and complacency," something we've noted before is an ongoing problem for open source projects. This serves as another powerful reminder that knowing who writes your code is just as critical as understanding what the code does," Hunted Labs concluded.

Read more of this story at Slashdot.

An anonymous reader quotes a report from 404 Media: 4chan and Kiwi Farms sued the United Kingdom's Office of Communications (Ofcom) over its age verification law in U.S. federal court Wednesday, fulfilling a promise it announced on August 23. In the lawsuit, 4chan and Kiwi Farms claim that threats and fines they have received from Ofcom "constitute foreign judgments that would restrict speech under U.S. law." Both entities say in the lawsuit that they are wholly based in the U.S. and that they do not have any operations in the United Kingdom and are therefore not subject to local laws. Ofcom's attempts to fine and block 4chan and Kiwi Farms, and the lawsuit against Ofcom, highlight the messiness involved with trying to restrict access to specific websites or to force companies to comply with age verification laws. The lawsuit calls Ofcom an "industry-funded global censorship bureau." "Ofcom's ambitions are to regulate Internet communications for the entire world, regardless of where these websites are based or whether they have any connection to the UK," the lawsuit states. "On its website, Ofcom states that 'over 100,000 online services are likely to be in scope of the Online Safety Act -- from the largest social media platforms to the smallest community forum.'" [...] Ofcom began investigating 4chan over alleged violations of the Online Safety Act in June. On August 13, it announced a provisional decision and stated that 4chan had "contravened its duties" and then began to charge the site a penalty of [roughly $26,000] a day. Kiwi Farms has also been threatened with fines, the lawsuit states. "American citizens do not surrender our constitutional rights just because Ofcom sends us an e-mail. In the face of these foreign demands, our clients have bravely chosen to assert their constitutional rights," said Preston Byrne, one of the lawyers representing 4chan and Kiwi Farms. "We are aware of the lawsuit," an Ofcom spokesperson told 404 Media. "Under the Online Safety Act, any service that has links with the UK now has duties to protect UK users, no matter where in the world it is based. The Act does not, however, require them to protect users based anywhere else in the world."

Read more of this story at Slashdot.

Starting with Word for Windows version 2509, Microsoft is making cloud saving the default behavior. New documents will automatically save to OneDrive (or another cloud destination), with dated filenames, unless users manually revert to local saving in the settings. From the report: "Anything new you create will be saved automatically to OneDrive or your preferred cloud destination", writes Raul Munoz, product manager at Microsoft on the Office Shared Services and Experiences team. Munoz backs up the decision with half a dozen advantages for saving documents to the cloud. From never losing progress and access anywhere to easy collaboration and increased security and compliance. While cloud saving is without doubt beneficial in some cases, Munoz fails to address the elephant in the room. Some users may not want that their documents are stored in the cloud. There are good reasons for that, including privacy. Summed up: - If you do not mind that Word documents are stored in the cloud, you do not need to become active. - If you mind that Word documents are stored in the cloud by default, you need to modify the default setting.

Read more of this story at Slashdot.

Google has eliminated more than one-third of its managers overseeing small teams, an executive told employees last week, as the company continues its focus on efficiencies across the organization. From a report: "Right now, we have 35% fewer managers, with fewer direct reports" than at this time a year ago, said Brian Welle, vice president of people analytics and performance, according to audio of an all-hands meeting reviewed by CNBC. "So a lot of fast progress there." At the meeting, employees asked Welle and other executives about job security, "internal barriers" and Google's culture after several recent rounds of layoffs, buyouts and reorganizations. Welle said the idea is to reduce bureaucracy and run the company more efficiently. "When we look across our entire leadership population, that['s mangers, directors and VPs, we want them to be a smaller percentage of our overall workforce over time," he said.

Read more of this story at Slashdot.

After losing his job in 2024, Eric Thompson spearheaded a working group to push for federal legislation banning "ghost jobs" -- openings posted with no intent to hire. The proposed Truth in Job Advertising and Accountability Act would require transparency around job postings, set limits on how long ads can remain up, and fine companies that violate the rules. CNBC reports: "There's nothing illegal about posting a job, currently, and never filling it," says Thompson, a network engineering leader in Warrenton, Virginia. Not to mention, it's "really hard to prove, and so that's one of the reasons that legally, it's been kind of this gray area." As Thompson researched more into the phenomenon, he connected with former colleagues and professional connections across the country experiencing the same thing. Together, the eight of them decided to form the TJAAA working group to spearhead efforts for federal legislation to officially ban businesses from posting ghost jobs. In May, the group drafted its first proposal: The TJAAA aims to require that all public job listings include information such as: - The intended hire and start dates - Whether it's a new role or backfill - If it's being offered internally with preference to current employees - The number of times the position has been posted in the last two years, and other factors, according to the draft language. It also sets guidelines for how long a post is required to be up (no more than 90 calendar days) and how long the submission period can be (at least four calendar days) before applications can be reviewed. The proposed legislation applies to businesses with more than 50 employees, and violators can be fined a minimum of $2,500 for each infraction. The proposal provides a framework at the federal level, Thompson says, because state-level policies won't apply to employers who post listings across multiple states, or who use third-party platforms that operate beyond state borders.

Read more of this story at Slashdot.

An anonymous reader quotes a report from The Hill: Republicans on the House Oversight and Government Reform Committee opened a probe into alleged organized efforts to inject bias into Wikipedia entries and the organization's responses. Chair James Comer (R-Ky.) and Rep. Nancy Mace (R-S.C.), chair of the panel's subcommittee on cybersecurity, information technology, and government innovation, on Wednesday sent an information request on the matter to Maryana Iskander, chief executive officer of the Wikimedia Foundation, the nonprofit that hosts Wikipedia. The request, the lawmakers said in the letter (PDF), is part of an investigation into "foreign operations and individuals at academic institutions subsidized by U.S. taxpayer dollars to influence U.S. public opinion." The panel is seeking documents and communications about Wikipedia volunteer editors who violated the platform's policies, as well as the Wikimedia Foundation's efforts to "thwart intentional, organized efforts to inject bias into important and sensitive topics." "Multiple studies and reports have highlighted efforts to manipulate information on the Wikipedia platform for propaganda aimed at Western audiences," Comer and Mace wrote in the letter. They referenced a report from the Anti-Defamation League about anti-Israel bias on Wikipedia that detailed a coordinated campaign to manipulate content related to the Israel-Palestine conflict and similar issues, as well as an Atlantic Council report on pro-Russia actors using Wikipedia to push pro-Kremlin and anti-Ukrainian messaging, which can influence how artificial intelligence chatbots are trained. "[The Wikimedia] foundation, which hosts the Wikipedia platform, has acknowledged taking actions responding to misconduct by volunteer editors who effectively create Wikipedia's encyclopedic articles. The Committee recognizes that virtually all web-based information platforms must contend with bad actors and their efforts to manipulate. Our inquiry seeks information to help our examination of how Wikipedia responds to such threats and how frequently it creates accountability when intentional, egregious, or highly suspicious patterns of conduct on topics of sensitive public interest are brought to attention," Comer and Mace wrote. The lawmakers requested information about "the tools and methods Wikipedia utilizes to identify and stop malicious conduct online that injects bias and undermines neutral points of view on its platform," including documents and records about possible coordination of state actors in editing, the kind of accounts that have been subject to review, and and of the panel's analysis of data manipulation or bias. "We welcome the opportunity to respond to the Committee's questions and to discuss the importance of safeguarding the integrity of information on our platform," a Wikimedia Foundation spokesperson said.

Read more of this story at Slashdot.

An anonymous reader shares a report: Security researchers from Palo Alto Networks' Unit 42 have discovered the key to getting large language model (LLM) chatbots to ignore their guardrails, and it's quite simple. You just have to ensure that your prompt uses terrible grammar and is one massive run-on sentence like this one which includes all the information before any full stop which would give the guardrails a chance to kick in before the jailbreak can take effect and guide the model into providing a "toxic" or otherwise verboten response the developers had hoped would be filtered out. The paper also offers a "logit-gap" analysis approach as a potential benchmark for protecting models against such attacks. "Our research introduces a critical concept: the refusal-affirmation logit gap," researchers Tung-Ling "Tony" Li and Hongliang Liu explained in a Unit 42 blog post. "This refers to the idea that the training process isn't actually eliminating the potential for a harmful response -- it's just making it less likely. There remains potential for an attacker to 'close the gap,' and uncover a harmful response after all."

Read more of this story at Slashdot.

Deforestation has killed more than half a million people in the tropics over the past two decades as a result of heat-related illness, a study has found. The Guardian: Land clearance is raising the temperature in the rainforests of the Amazon, Congo and south-east Asia because it reduces shade, diminishes rainfall and increases the risk of fire, the authors of the paper found. Deforestation is responsible for more than a third of the warming experienced by people living in the affected regions, which is on top of the effect of global climate disruption. About 345 million people across the tropics suffered from this localised, deforestation-caused warming between 2001 and 2020. For 2.6 million of them, the additional heating added 3C to their heat exposure. In many cases, this was deadly. The researchers estimated that warming due to deforestation accounted for 28,330 annual deaths over that 20-year period.

Read more of this story at Slashdot.

The FBI and other law enforcement and intelligence agencies around the world warned Wednesday that a Chinese-government hacking campaign that previously penetrated nine U.S. telecommunications companies has expanded into other industries and regions, striking at least 200 American organizations and 80 countries. From a report: The joint advisory was issued with the close allies in the Five Eyes English-language intelligence-sharing arrangement and also agencies from Finland, Netherlands, Poland and the Czech Republic, an unusually broad array meant to demonstrate global resolve against what intelligence officials said is a pernicious campaign that exceeds accepted norms for snooping. "The expectation of privacy here was violated, not just in the U.S., but globally," FBI Assistant Director Brett Leatherman, who heads the bureau's cyber division, told The Washington Post in an interview. Chinese hackers won deep access to major communication carriers in the U.S. and elsewhere, then extracted call records and some law enforcement directives, which allowed them to build out a map of who was calling whom and whom the U.S. suspected of spying, Leatherman said. Prominent politicians in both major U.S. parties were among the ultimate victims.

Read more of this story at Slashdot.

Phonemaker Nothing used professional stock photos to demonstrate its Phone 3's camera capabilities on retail demo units, according to The Verge. Five images the company presented as community-captured samples were licensed photographs from the Stills marketplace, taken with other cameras in 2023. The Verge verified EXIF data confirming one image predated the Phone 3's release. Co-founder Akis Evangelidis acknowledged the photos were placeholders intended for pre-production testing that weren't replaced before deployment to stores.

Read more of this story at Slashdot.

South Korea has passed a bill banning the use of mobile phones and smart devices during class hours in schools -- becoming the latest country to restrict phone use among children and teens. From a report: The law, which comes into effect from the next school year in March 2026, is the result of a bi-partisan effort to curb smartphone addiction, as more research points to its harmful effects. Lawmakers, parents and teachers argue that smartphone use is affecting students' academic performance and takes away time they could have spent studying.

Read more of this story at Slashdot.

Wikipedia's volunteer editors have rejected founder Jimmy Wales' proposal to use ChatGPT for article review guidance after the AI tool produced error-filled feedback when Wales tested it on a draft submission. The ChatGPT response misidentified Wikipedia policies, suggested citing non-existent sources and recommended using press releases despite explicit policy prohibitions. Editors argued automated systems producing incorrect advice would undermine Wikipedia's human-centered model. The conflict follows earlier tensions over the Wikimedia Foundation's AI experiments, including a paused AI summary feature and new policies targeting AI-generated content.

Read more of this story at Slashdot.

Digital resurrections of deceased individuals are emerging as the next commercial frontier in AI, with the digital afterlife industry projected to reach $80 billion within a decade. Companies developing these AI avatars are exploring revenue models ranging from interstitial advertising during conversations to data collection about users' preferences. StoryFile CEO Alex Quinn confirmed his company is exploring methods to monetize interactions between users and deceased relatives' digital replicas, including probing for consumer information during conversations. The technology has already demonstrated persuasive capabilities in legal proceedings, where an AI recreation of road rage victim Chris Pelkey delivered testimony that contributed to a maximum sentence. Current implementations operate through subscription models, though no federal regulations govern commercial applications of posthumous AI representations despite state-level protections for deceased individuals' likeness rights.

Read more of this story at Slashdot.