news aggregator

schwit1 shares a report from the Business Times: General Motors (GM) has directed several thousand of its suppliers to scrub their supply chains of parts from China, four people familiar with the matter said, reflecting automakers' growing frustration over geopolitical disruptions to their operations. GM executives have been telling suppliers they should find alternatives to China for their raw materials and parts, with the goal of eventually moving their supply chains out of the country entirely, the people said. The automaker has set a 2027 deadline for some suppliers to dissolve their China sourcing ties, some of the sources said. GM approached some suppliers with the directive in late 2024, but the effort took on fresh urgency this past spring, during the early days of an escalating US-China trade battle, the sources said.

Read more of this story at Slashdot.

When is an app not an app? When it’s a mini app inside another app

Apple has cut its take to 15 percent on purchases inside mini apps running within other iOS apps, and reached a parallel agreement with Tencent that brings WeChat's vast mini-program ecosystem into its revenue net.…

alternative_right shares a report from ScienceAlert: A thorough investigation published in May 2023 found that the inner core of the Moon is, in fact, a solid ball with a density similar to that of iron. To figure it out once and for all, [astronomer Arthur Briaud of the French National Centre for Scientific Research in France] and his colleagues collected data from space missions and lunar laser-ranging experiments to compile a profile of various lunar characteristics. These include the degree of its deformation by its gravitational interaction with Earth, the variation in its distance from Earth, and its density. ... they found that the lunar core is very similar to that of Earth â" with an outer fluid layer and a solid inner core. According to their modeling, the outer core has a radius of about 362 kilometers (225 miles), and the inner core has a radius of about 258 kilometers (160 miles). That's about 15 percent of the entire radius of the Moon. The inner core, the team found, also has a density of about 7,822 kilograms per cubic meter. That's very close to the density of iron. [...] The research has been published in Nature.

Read more of this story at Slashdot.

An anonymous reader quotes a report from the Washington Post: Winning the lottery isn't what brought Carrie Edwards her 15 minutes of fame. It was giving it all away. Standing alone in her kitchen one day in September, the Virginia woman was thunderstruck to discover she had won $150,000 in a Powerball drawing. As she was absorbing her windfall, she said, "I just heard as loud as you can hear God or whoever you believe in the universe just say, this is -- it's not your money." Then came a decision: She would donate it all to her three most cherished charities (source paywalled; alternative source). [...] Her journey to the lucky prize started when she walked into a 7-Eleven with a friend who wanted to buy two Powerball tickets. The jackpot for the Sept. 6 drawing was topping $1.7 billion, the second-largest amount ever. Edwards, 68, hardly ever played the lottery, but her friend was an active player who gave her two pieces of advice: Always buy a paper ticket, rather than getting them online. And the Powerball multiplier is a scam, don't do it. She ignored him on both accounts. She created a Virginia Lottery account on her phone. Then, instead of the typical strategies of using family birthdays and lucky numbers, she went to ChatGPT -- which she had only recently started using for research -- and asked, "Do you have any winning numbers for me?" "Luck is luck," replied the chatbot. Then it gave numbers that she plugged in -- paying the extra dollar for the Power Play to multiply anything she might win. She initially thought luck wasn't on her side when she didn't win the massive jackpot. But what she didn't realize is that she'd picked the "draw two" option, meaning her numbers were reentered for the next drawing. When she got a notification on her phone that she had won, she said, she thought it was a scam, or maybe she'd won something small, like $10. Just to satisfy her curiosity, she logged into her account and saw that she had matched four of the five numbers plus the Powerball in that second drawing. It would have been a $50,000 payout, but the multiplier tripled her winnings.

Read more of this story at Slashdot.

YouTube TV and Disney have ended their two-week carriage standoff, restoring ESPN, ABC, and other Disney networks under a new multiyear deal. Variety reports: Under the new agreement, ESPN's full lineup of sports -- including content from ESPN Unlimited -- will be made available on YouTube TV to base-plan subscribers at no additional cost by the end of 2026. In addition, access to a selection of live and on-demand programming from ESPN Unlimited will be available inside YouTube TV. The deal also lets YouTube include the Disney+ and Hulu bundle as part of "select YouTube offerings." According to Disney, "select networks" will be included in various genre-specific packages that YouTube TV expects to launch in the future. [...] The deal supersedes their prior distribution agreement, inked in December 2021 after a two-day blackout.

Read more of this story at Slashdot.

Apple's limited-edition "iPhone Pocket" sold out almost instantly worldwide despite its $150-$230 price tag. Appleinsider reports: Longtime Apple users immediately saw the resemblance with the old iPod socks, and everyone saw the price. Apple and Japan's Issey Miyake fashion house partnered to create a limited edition iPhone Pocket, a stretched sock-like bag or shoulder strap. There was no denying that an iPhone in this Pocket looked snuggly. There was definitely no denying that the accessory was well designed. There's also no question that it was about as goofy as the iPod Sock from back the in the day. But there was every denying of the price. The iPhone Pocket came in a short version for $150, and a longer one for $230. For comparison, the Apple Watch SE starts at $250. As ever, though, if you liked it, if you had a use for it, and if you had the budget, there was no reason left not to buy. But if you have hesitated because of the cost, you are now out of luck. There are none left in the US.

Read more of this story at Slashdot.

"Within the past year, stories have been posted on Slashdot about people helping North Koreans get remote IT jobs at U.S. corporations, companies knowingly assisting them, how not to hire a North Korean for a remote IT job, and how a simple question tripped up a North Korean applying for a remote IT job," writes longtime Slashdot reader smooth wombat. "The FBI is even warning companies that North Koreans working remotely can steal source code and extort money from the company -- money that goes to fund the North Korean government. Now, five more people have plead guilty to knowingly helping North Koreans infiltrate U.S. companies as remote IT workers." TechCrunch reports: The five people are accused of working as "facilitators" who helped North Koreans get jobs by providing their own real identities, or false and stolen identities of more than a dozen U.S. nationals. The facilitators also hosted company-provided laptops in their homes across the U.S. to make it look like the North Korean workers lived locally, according to the DOJ press release. These actions affected 136 U.S. companies and netted Kim Jong Un's regime $2.2 million in revenue, said the DOJ. Three of the people -- U.S. nationals Audricus Phagnasay, Jason Salazar, and Alexander Paul Travis -- each pleaded guilty to one count of wire fraud conspiracy. Prosecutors accused the three of helping North Koreans posing as legitimate IT workers, whom they knew worked outside of the United States, to use their own identities to obtain employment, helped them remotely access their company-issued laptops set up in their homes, and also helped the North Koreans pass vetting procedures, such as drug tests. The fourth U.S. national who pleaded guilty is Erick Ntekereze Prince, who ran a company called Taggcar, which supplied to U.S. companies allegedly "certified" IT workers but whom he knew worked outside of the country and were using stolen or fake identities. Prince also hosted laptops with remote access software at several residences in Florida, and earned more than $89,000 for his work, the DOJ said. Another participant in the scheme who pleaded guilty to one count of wire fraud conspiracy and another count of aggravated identity theft is Ukrainian national Oleksandr Didenko, who prosecutors accuse of stealing U.S. citizens' identities and selling them to North Koreans so they could get jobs at more than 40 U.S. companies. According to the press release, Didenko earned hundreds of thousands of dollars for this service. Didenko agreed to forfeit $1.4 million as part of his guilty plea. The DOJ also announced that it had frozen and seized more than $15 million in cryptocurrency stolen in 2023 by North Korean hackers from several crypto platforms.

Read more of this story at Slashdot.

An anonymous reader quotes a report from The Record: Russian telecom operators have begun cutting mobile internet access for 24 hours for citizens returning to the country from abroad, in what officials say is an effort to prevent Ukrainian drones from using domestic SIM cards for navigation. "When a SIM card enters Russia from abroad, the user has to confirm that it's being used by a person -- not installed in a drone," the Digital Development Ministry said in a statement earlier this week. Users can restore access sooner by solving a captcha or calling their operator for identification. Authorities said the temporary blackout is meant to "ensure the safety of Russian citizens" and prevent SIM cards from being embedded in "enemy drones." The new rule has led to unexpected outages for residents in border regions, whose phones can automatically connect to foreign carriers. Officials advised users to switch to manual network selection to avoid being cut off.

Read more of this story at Slashdot.

BrianFagioli writes: Logitech has confirmed a cybersecurity breach after an intruder exploited a zero-day in a third-party software platform and copied internal data. The company says the incident did not affect its products, manufacturing or business operations, and it does not believe sensitive personal information like national ID numbers or credit card data were stored in the impacted system. The attacker still managed to pull limited information tied to employees, consumers, customers and suppliers, raising fair questions about how long the zero-day existed before being patched. Logitech brought in outside cybersecurity firms, notified regulators and says the incident will not materially affect its financial results. The company expects its cybersecurity insurance policy to cover investigation costs and any potential legal or regulatory issues. Still, with zero-day attacks increasing across the tech world, even established hardware brands are being forced to acknowledge uncomfortable weaknesses in their internal systems.

Read more of this story at Slashdot.

According to CNBC, JPMorgan Chase has secured deals ensuring it will get paid by the fintech firms responsible for nearly all the data requests made by third-party apps connected to customer bank accounts. From the report: The bank has signed updated contracts with the fintech middlemen that make up more than 95% of the data pulls on its systems, including Plaid, Yodlee, Morningstar and Akoya, according to JPMorgan spokesman Drew Pusateri. "We've come to agreements that will make the open banking ecosystem safer and more sustainable and allow customers to continue reliably and securely accessing their favorite financial products," Pusateri said in a statement. "The free market worked." The milestone is the latest twist in a long-running dispute between traditional banks and the fintech industry over access to customer accounts. For years, middlemen like Plaid paid nothing to tap bank systems when a customer wanted to use a fintech app like Robinhood to draw funds or check balances. [...] After weeks of negotiations between JPMorgan and the middlemen, the bank agreed to lower pricing than it originally proposed, and the fintech middlemen won concessions regarding the servicing of data requests, according to people with knowledge of the talks. Fintech firms preferred the certainty of locking in data-sharing rates because it is unclear whether the current CFPB, which is in the process of revising the open-banking rule, will favor banks or fintech companies, according to a venture capital investor who asked for anonymity to discuss his portfolio companies. The bank and the fintech firms declined to disclose details about their contracts, including how much the middlemen agreed to pay and how long the deals are in force.

Read more of this story at Slashdot.

Leaving buyers to cry, AI AI AI

If you haven't noticed, DRAM memory has gotten a lot more expensive in recent weeks. …

An anonymous reader quotes a report from Ars Technica: On Thursday evening, OpenAI CEO Sam Altman posted on X that ChatGPT has started following custom instructions to avoid using em dashes. "Small-but-happy win: If you tell ChatGPT not to use em-dashes in your custom instructions, it finally does what it's supposed to do!" he wrote. The post, which came two days after the release of OpenAI's new GPT-5.1 AI model, received mixed reactions from users who have struggled for years with getting the chatbot to follow specific formatting preferences. And this "small win" raises a very big question: If the world's most valuable AI company has struggled with controlling something as simple as punctuation use after years of trying, perhaps what people call artificial general intelligence (AGI) is farther off than some in the industry claim. "The fact that it's been 3 years since ChatGPT first launched, and you've only just now managed to make it obey this simple requirement, says a lot about how little control you have over it, and your understanding of its inner workings," wrote one X user in a reply. "Not a good sign for the future."

Read more of this story at Slashdot.

Who guards the guardrails? Often the same shoddy security as the rest of the AI stack

Large language models frequently ship with "guardrails" designed to catch malicious input and harmful output. But if you use the right word or phrase in your prompt, you can defeat these restrictions.…

More than a month after PoC made public

Fortinet finally published a security advisory on Friday for a critical FortiWeb path traversal vulnerability under active exploitation – but it appears digital intruders got a month's head start.…

Enterprise Linux vendors keep jostling to see who can prop up geriatric distros the longest

Last year, Canonical increased its paid extended support lifespan to 12 years. Now, it's increasing it again, to 15 years ... for a price.…

Amazon spilled the TEA

Yet another supply chain attack has hit the npm registry in what Amazon describes as "one of the largest package flooding incidents in open source registry history" - but with a twist. Instead of injecting credential-stealing code or ransomware into the packages, this one is a token farming campaign.…

An anonymous reader shares a report: Executives are turning to a novel structure to fund crypto accumulation vehicles as investor appetite thins. They're called in-kind contributions, and they now account for a growing share of digital-asset treasury, or DAT, deals. Instead of raising cash to buy tokens in the open market, DAT sponsors contribute large slugs of their own crypto, often unlisted and hard to value. Digital-asset treasuries are a new breed of public company built to hold concentrated crypto positions. The structure surged in 2025 as small-cap firms, especially in biotech and mining, reinvented themselves as digital-asset proxies. Sponsors provide tokens or raise money to buy them, and the stock then trades as a kind of listed bet on crypto. For insiders, it's a shortcut to liquidity. For investors, a wager on upside. But not all DATs carry the same level of risk. Earlier deals raised money to buy tokens through regular markets, which offered at least some independent price check. In-kind contributions skip that step -- letting insiders decide what their tokens are worth, sometimes before the token even trades publicly. That shift means pricing and trading risks land more squarely on shareholders, many of them retail investors. Investor faith is already wobbling. Many DATs that once traded above the value of their holdings now trade below it. As insiders supply the tokens and set their price, it's becoming harder for investors to tell what these deals are really worth, or when to get out. The in-kind structure was on full display in a recent $545 million private placement by Tharimmune Inc., a biotech firm-turned-crypto proxy, to set up a buyer of Canton Coins. About 80% of the raise came in the form of unlisted Canton tokens, priced at 20 cents each, according to an investor presentation seen by Bloomberg News. The token began trading on exchanges Nov. 10 and is now around 11 cents, CoinGecko data show. More deals are following the same template. In these placements, insiders contribute tokens -- sometimes illiquid or unlisted -- to form a treasury, lock in valuations and seed the perception of market demand. But when tokens list below deal price, public shareholders absorb the difference. [...] Then there's Flora Growth Corp., a Nasdaq-listed company that announced a $401 million deal to start acquiring Zero Gravity tokens in September. On closer inspection, the firm had raised just $35 million in cash to pair with a $366 million in-kind contribution of then-unlisted 0G tokens. Those tokens were priced at around $3 a piece; they subsequently listed, and are now trading at about $1.20.

Read more of this story at Slashdot.

Just when you thought virtual collaboration couldn’t get worse, OpenAI stuffs a bot into your group conversations

Feel like your team's group chat is a bit lifeless? Remote coworkers not really collaborating as well as they should be? There's a new way to stir the pot now that OpenAI has piloted ChatGPT group chats: cram a chatbot into the conversation and let it chime in whenever it thinks it should.…

Pay television penetration in American households fell to 50.2% in the third quarter and is projected to drop to 50% or lower by December, according to Madison and Wall, a technology and media advisory firm. Fifteen years ago, nearly nine in ten households subscribed to pay television services. The decline has prompted major media companies to shed cable assets. Comcast, Warner Bros. Discovery, and A&E are seeking to sell or spin off their cable television operations. Paramount stated it would not divest its cable channels but acknowledged that "each quarter is accelerating decline."

Read more of this story at Slashdot.

Mercury Research blames stockpiling and low-end shortages for unusually flat CPU market

AMD continues to claw market share away from Intel in CPU shipments, growing faster than its rival in most segments. Meanwhile business in the x86 processor arena is unusually flat overall, likely due to stockpiling over tariff fears.…