news aggregator

The UK and China today signed a new bilateral agreement on scientific collaboration [non-paywalled source], narrowing the scope of their partnership to exclude sensitive technologies. Lord Patrick Vallance, Britain's science and technology minister, met his Chinese counterpart Chen Jiachang in Beijing and agreed to focus cooperation on health, climate, planetary sciences, and agriculture. The previous agreement from 2017 had included satellites, remote sensing technology and robotics. Those fields are absent from the new accord. The countries announced no new funding for joint research. Vallance said the UK had "deliberately gone for areas which we think are not carrying such a security risk."

Read more of this story at Slashdot.

Risk list highlights misconfigs, supply chain failures, and singles out prompt injection in AI apps

The Open Worldwide Application Security Project (OWASP) just published its top 10 categories of application risks for 2025, its first list since 2021. It found that while broken access control remains the top issue, security misconfiguration is a strong second, and software supply chain issues are still prominent.…

Years of development still needed but AI, 3D printing, and other alternative options on the horizon

The UK Government has unveiled a roadmap to replace animal testing with AI-driven options and other alternatives, targeting the elimination of certain regulatory tests by the end of 2026.…

Clop's Oracle EBS exploit spree shows no sign of slowing, claims nearly 30 more casualties in media, finance, and tech.

Digital engineering outfit GlobalLogic says personal data from more than 10,000 current and former employees was exposed in the wave of Oracle E-Business Suite (EBS) attacks attributed to the Clop ransomware gang. The Hitachi-owned biz joins a growing roster of high-profile victims that also now includes The Washington Post and Allianz UK.…

Norwegian testers claim maker has remote access, while UK importer says supplier complies with the law

UK governmental is working with the National Cyber Security Centre to understand and "mitigate" any risk that China-made imported electric buses could be remotely accessed and potentially disabled.…

Tariffs can't stop cheaper, better Chinese tech, says Jefferies. Tesla is Amercia's great hope

Battery energy storage systems (BESS) could become standard at datacenters as AI infrastructure expand, with analysts forecasting 20 GW of capacity deployed over the next decade.…

Massive increase in policy claims… and data doesn’t even cover the major attacks of 2025

The number of successful cyber insurance claims made by UK organizations shot up last year, according to the latest figures from the industry's trade association.…

Continuous track of long awaited AFV hits the ground ... and the terrain is pretty bumpy

The British Army just received its first new armored fighting vehicle (AFV) for nearly three decades, but it is years late, hit by rising costs, is still reportedly injuring its crew, and there are questions about whether it remains relevant in the age of drone warfare. …

Longtime Slashdot reader theodp writes: The UK Department for Education is "replacing its narrowly focused computer science GCSE with a broader, future-facing computing GCSE [General Certificate of Secondary Education] and exploring a new qualification in data science and AI for 16-18-year-olds." The move aims to correct unintended consequences of a shift made more than a decade ago from the existing ICT (Information and Communications Technology) curriculum, which focused on basic digital skills, to a more rigorous Computer Science curriculum at the behest of major tech firms and advocacy groups to address concerns about the UK's programming talent pipeline. The UK pivot from rigorous CS to AI literacy comes as tech-backed nonprofit Code.org leads a similar shift in the U.S., pivoting from its original 2013 mission calling for rigorous CS for U.S. K-12 students to a new mission that embraces AI literacy. Code.org next month will replace its flagship Hour of Code event with a new Hour of AI "designed to bring AI education into the mainstream" with the support of its partners, including Microsoft, Google, and Amazon. Code.org has pledged to engage 25 million learners with the new Hour of AI this school year.

Read more of this story at Slashdot.

Your real problem: 40kW racks, melting datacenters and rising power bills

Opinion In recent discussions with industry vendor sales/marketing types, I've been hearing that HPC demand is falling off while AI system demand is continuing to increase. I've also seen articles implying that AI is somehow displacing HPC. Huh?…

China's CO2 emissions have been flat or falling for 18 months, "adding evidence to the hope that the world's biggest polluter has managed to hit its target of peak CO2 emissions well ahead of schedule," reports the Guardian. From the report: Rapid increases in the deployment of solar and wind power generation -- which grew by 46% and 11% respectively in the third quarter of this year -- meant the country's energy sector emissions remained flat, even as the demand for electricity increased. China added 240GW of solar capacity in the first nine months of this year, and 61GW of wind, putting it on track for another renewable record in 2025. Last year, the country installed 333GW of solar power, more than the rest of the world combined. [...] The analysis by the Centre for Research on Energy and Clean Air (Crea), for the science and climate policy website Carbon Brief, found China's CO2 emissions were unchanged from a year earlier in the third quarter of 2025, thanks in part to declining emissions in the travel, cement and steel industries. But China has a record of underpromising and overdelivering on climate targets. Li Shuo, the director of the China Climate Hub at the Asia Society Policy Institute, a US-based thinktank, said in a recent note that the latest Chinese climate targets should be seen as a baseline and not a ceiling.

Read more of this story at Slashdot.

Sachin Katti was one of new Intel CEO Lip Bu Tan's first appointments

Sachin Katti, the exec Intel promoted to chief technology and AI officer in April, will leave the x86 giant to join OpenAI after just six months in the job.…

An anonymous reader quotes a report from Gizmodo: It appears that Neom -- Saudi Arabia's hugely expensive, architecturally bizarre urban development project -- is floundering and close to collapse. A new report from the Financial Times cites high-level sources within the project to paint a picture of dysfunction and failure at the heart of the quixotic effort. Neom was envisioned as a vast series of fantastical urban developments spread across the coast of the Red Sea. At the center of the project is The Line -- a proposed 105-mile-long city which developers had initially projected could house as many as 9 million people by the year 2030. The Line is defined by bizarre architectural flourishes that, as the story notes, have seemed impossible even to the execs tasked with making them a reality. One such addition is an upside-down building, dubbed "the chandelier," that is supposed to hang over a "gateway" marina to the city: "As architects worked through the plans, the chandelier began to seem implausible. One recalled warning Tarek Qaddumi, The Line's executive director, of the difficulty of suspending a 30-story building upside down from a bridge hundreds of metres in the air. 'You do realize the earth is spinning? And that tall towers sway?' he said. The chandelier, the architect explained, could 'start to move like a pendulum,' then 'pick up speed,' and eventually 'break off,' crashing into the marina below." Yes, that doesn't sound great. Now, according to those sources the FT talked to, the project is looking more and more like a hugely expensive pipe dream that will never come to pass: "Today, with at least $50 billion spent, the desert is pock-marked with piling, and deep trenches stretch across the landscape. But Prince Mohammed, who chairs Neom, has dramatically scaled back the first phase of the plans. Neom told the FT that The Line remained 'a strategic priority' that would ultimately 'provide a new blueprint for humanity by changing the way people live.' But they described it as a 'multi-generational development of unprecedented scale and complexity.'" The outlet interviewed workers on the project who seem to feel that it's only a matter of time before the project is declared DOA: "While Neom employees say that much of The Line might still be technically buildable, they are not convinced anyone is ready to pay for it. Construction work across Neom has slowed, with the desert ski resort Trojena, the intended venue for the 2029 Asian Winter Games, one of the few sites still moving ahead at pace ... one former employee has said that everyone knows the project won't work; it is now just a matter of letting MBS down gently." Chief among the project's problems is the fact that, as Neom's bizarre developments have failed to materialize, it has become increasingly difficult to encourage investors to put up money for the absurdly expensive project. FT notes: "Senior executives were constantly asking for more money, but The Line was competing with other Neom projects. Some wealthy Saudi families put modest sums into the project, but the large investments Riyadh hoped to lure from foreign backers never materialized." The lack of adequate funding coming in has led a senior construction manager to tell FT that he feels the Line will never be built.

Read more of this story at Slashdot.

Slashdot reader alternative_right shares an exclusive BBC interview with Vyacheslav "Tank" Penchukov, once a top-tier cyber-crime boss behind Jabber Zeus, IcedID, and major ransomware campaigns. His story traces the evolution of modern cybercrime from early bank-theft malware to today's lucrative ransomware ecosystem, marked by shifting alliances, Russian security-service ties, and the paranoia that ultimately consumes career hackers. Here's an excerpt from the report: In the late 2000s, he and the infamous Jabber Zeus crew used revolutionary cyber-crime tech to steal directly from the bank accounts of small businesses, local authorities and even charities. Victims saw their savings wiped out and balance sheets upended. In the UK alone, there were more than 600 victims, who lost more than $5.2 million in just three months. Between 2018 and 2022, Penchukov set his sights higher, joining the thriving ransomware ecosystem with gangs that targeted international corporations and even a hospital. [...] Penchukov says he did not think about the victims, and he does not seem to do so much now, either. The only sign of remorse in our conversation was when he talked about a ransomware attack on a disabled children's charity. His only real regret seems to be that he became too trusting with his fellow hackers, which ultimately led to him and many other criminals being caught. "You can't make friends in cyber-crime, because the next day, your friends will be arrested and they will become an informant," he says. "Paranoia is a constant friend of hackers," he says. But success leads to mistakes. "If you do cyber-crime long enough you lose your edge," he says, wistfully.

Read more of this story at Slashdot.

The European Commission is considering turning its non-binding 2020 guidance on "high-risk vendors" into a legal requirement that would effectively force EU member states to phase out Huawei and ZTE from mobile and fixed-line networks. Bloomberg reports: Commission Vice President Henna Virkkunen wants to convert the European Commission's 2020 recommendation to stop using high-risk vendors in mobile networks into a legal requirement, according to the people, who asked not to be identified because the negotiations are private. While infrastructure decisions rest with national governments, Virkkunen's proposal would compel EU countries to align with the commission's security guidance. The EU is increasingly focused on the risks posed by Chinese telecom equipment makers as trade and political ties with its second-largest trading partner fray. The concern is that handing over control of critical national infrastructure to companies with such close ties to Beijing could compromise national security interests. Virkkunen is examining ways to limit the use of Chinese equipment suppliers in fixed-line networks, as countries push for the rapid deployment of state-of-the-art fiber cables to expand high-speed internet access. The commission is also considering measures to dissuade non-EU countries from relying on Chinese vendors, including by withholding Global Gateway funding from nations that use the grants for projects involving Huawei equipment, according to the people.

Read more of this story at Slashdot.

Linux kernel developers are moving toward enabling Microsoft C Extensions (-fms-extensions) by default in Linux 6.19, with Linus Torvalds signaling no objection. While some dislike relying on Microsoft-style behavior, the patches in kbuild-next suggest the project is ready to "bite the bullet" and adopt the extensions system-wide. Phoronix reports: Rasmus Villemoes argued with Kbuild: enable -fms-extensions that would allow for "prettier code" and others have noted in the past the potential for saving stack space and all around being beneficial in being able to leverage the Microsoft C behavior: "Once in a while, it turns out that enabling -fms-extensions could allow some slightly prettier code. But every time it has come up, the code that had to be used instead has been deemed 'not too awful' and not worth introducing another compiler flag for. That's probably true for each individual case, but then it's somewhat of a chicken/egg situation. If we just 'bite the bullet' as Linus says and enable it once and for all, it is available whenever a use case turns up, and no individual case has to justify it..." The second patch is kbuild: Add '-fms-extensions' to areas with dedicated CFLAGS to ensure -fms-extensions is passed for the CPU architectures that rely on their own CFLAGS being set rather than the main KBUILD_CFLAGS. Linus Torvalds chimed in on the prior mailing list discussion and doesn't appear to be against enabling -fms-extensions beginning with the Linux 6.19 kernel.

Read more of this story at Slashdot.

Ask 339 people, get 339 answers

Experts may be skeptical about corporate AI hype to varying degrees, but they share the view that machine learning models will have a significant effect on society.…

An anonymous reader quotes a report from Reuters: Privacy activists say proposed changes to Europe's landmark privacy law, including making it easier for Big Tech to harvest Europeans' personal data for AI training, would flout EU case law and gut the legislation. The changes proposed by the European Commission are part of a drive to simplify a slew of laws adopted in recent years on technology, environmental and financial issues which have in turn faced pushback from companies and the U.S. government. EU antitrust chief Henna Virkkunen will present the Digital Omnibus, in effect proposals to cut red tape and overlapping legislation such as the General Data Protection Regulation, the Artificial Intelligence Act, the e-Privacy Directive and the Data Act, on November 19. According to the plans, Google, Meta Platforms, OpenAI and other tech companies may be allowed to use Europeans' personal data to train their AI models based on legitimate interest. In addition, companies may be exempted from the ban on processing special categories of personal data "in order not to disproportionately hinder the development and operation of AI and taking into account the capabilities of the controller to identify and remove special categories of personal data." [...] The proposals would need to be thrashed out with EU countries and European Parliament in the coming months before they can be implemented. "The draft Digital Omnibus proposes countless changes to many different articles of the GDPR. In combination this amounts to a death by a thousand cuts," Austrian privacy group noyb said in a statement. "This would be a massive downgrading of Europeans' privacy 10 years after the GDPR was adopted," noyb's Max Schrems said. "These proposals would change how the EU protects what happens inside your phone, computer and connected devices," European Digital Rights policy advisor Itxaso Dominguez de Olazabal wrote in a LinkedIn post. "That means access to your device could rely on legitimate interest or broad exemptions like security, fraud detection or audience measurement," she said.

Read more of this story at Slashdot.

Encryption protects content, not context

Mischief-makers can guess the subjects being discussed with LLMs using a side-channel attack, according to Microsoft researchers. They told The Register that models from some providers, including Anthropic, AWS, DeepSeek, and Google, haven't been fixed, putting both personal users and enterprise communications at risk.…

The PDF Association is adding JPEG XL (JXL) support to the PDF specification, giving the advanced image format a new path to relevance despite Google's decision to declare it obsolete and remove it from Chromium. The Register reports: Peter Wyatt, CTO of the PDF Association, said: "We need to adopt a new image [format] that can support HDR [High Dynamic Range] content ... we have picked JPEG XL as our preferred solution." Wyatt also praised other benefits of JXL including wide gamut images, ultra-high resolution support for images with more than 1 billion pixels, and up to 4099 channels with up to 32 bits per channel. The association is responsible for developing PDF specifications and standards and manages the ISO committee for PDF. JPEG XL is an advanced image format that was designed to be both more efficient and richer in features than JPEG. It was based on a combination of the Free Lossless Image Format (FLIF) from Cloudinary and a Google project called PIK, first released in late 2020, and fully standardized in October 2021 as ISO/IEC 18181. There is a reference implementation called libjxl. A second edition of the ISO standard was published in 2024. JXL appeared to have wide industry support, including experimental implementation in Chrome and Chromium, until it was killed by Google in October 2022 and removed from its web browser engine. The company stated that "there is not enough interest from the entire ecosystem to continue experimenting with JPEG XL." Many in the community disagreed with the decision, including FLIF inventor Jon Sneyers, who perceived it as the outcome of an internal battle between proponents of JXL and a rival format, AVIF. "AVIF proponents within Chrome are essentially being prosecutor, judge and executioner at the same time," he said.

Read more of this story at Slashdot.