By EditorDavid from Slashdot's writer-rights department
An anonymous reader quotes Deadline:
Netflix, Amazon and Hulu will be paying a lot more in writers' residuals under the new WGA film and TV contract. New details, outlined by WGA West, reveal that high-budget shows they run will generate anywhere between $3,448-$34,637 more residuals per episode over the life of the three-year contract than they did under the old contract, depending on the platform and the length of the show. Essentially, it's the same deal the Director's Guild of America got in their negotiations last December. The WGA contract, which has been unanimously approved by the WGA West board and the WGA East council, now goes to the guilds' members for final ratification. Voting begins Friday and concludes May 24.
For every half-hour of a high-budget show, Netflix will be paying $19,058 more in residuals than it did under the old contract.Read Replies (0)
By EditorDavid from Slashdot's AMT-vs-EFF department
The EFF is issuing a warning about the "tiny homunculus computer" in most of Intel's chipsets -- the largely-undocumented "Management Engine" which houses more than just the AMT module. An anonymous reader quotes their report:
While AMT can be disabled, there is presently no way to disable or limit the Management Engine in general. Intel urgently needs to provide one....vulnerabilities in any of the other modules could be as bad, if not worse, for security. Some of the other modules include hardware-based authentication code and a system for location tracking and remote wiping of laptops for anti-theft purposes... It should be up to hardware owners to decide if this code will be installed in their computers or not. Perhaps most alarmingly, there is also reportedly a DRM module that is actively working against the user's interests, and should never be installed in a Management Engine by default...
While Intel may put a lot of effort into hunting for security bugs, vulnerabilities will inevitably exist, and having them lurking in a highly privileged, low-level component with no OS visibility or reliable logging is a nightmare for defensive cybersecurity. The design choice of putting a secretive, unmodifiable management chip in every computer was terrible, and leaving their customers exposed to these risks without an opt-out is an act of extreme irresponsibility... EFF believes that Intel needs to provide a minimum level of transparency and user control of the Management Engines inside our computers, in order to prevent this cybersecurity disaster from recurring. Unless that happens, we are concerned that it may not be appropriate to use Intel CPUs in many kinds of critical infrastructure systems.
TLDR: "We have reason to fear that the undocumented master controller inside our Intel chips could continue to be a source of serious vulnerabilities in personal computers, servers, and critical cybersecurity and physical infrastructure."Read Replies (0)
By EditorDavid from Slashdot's what's-in-Vogue department
Slashdot reader Dan Drollette shares an article by the executive director and publisher of the Bulletin of the Atomic Scientists:On Friday, an elite group of the world's nuclear experts and advisers launched a Nuclear Crisis Group, to help manage the growing risk of nuclear conflict. The group includes leading diplomats with decades of experience, and retired military officers who were once responsible for launching nuclear weapons if given the order to do so. China, India, Pakistan, Russia, and the United States, all countries that have nuclear weapons, are represented. The group intends to create a "shadow security council," or an expert group capable of providing advice to world leaders on nuclear matters...
Building on grass-roots support, the Nuclear Crisis Group could serve as a brake on nuclear escalation and be an early step in reversing the downward nuclear security spiral. Not only will they be able to offer expertise to inexperienced leaders who are dabbling in nuclear security, but they will be able to develop and endorse proposals that could make the world safer such as expanding the decision time that leaders have to respond to a nuclear threat, further protecting nuclear systems against cyber attacks and unintended escalations, reenergizing the appetite for arms control negotiations, and questioning global nuclear upgrade programs.Read Replies (0)
By EditorDavid from Slashdot's pesky-humans department
An anonymous reader writes:
Will millions be unemployed after a job-destroying robot apocalypse? That's "starkly at odds with the evidence," argues a Wall Street Journal columnist, who says the real problem is robots aren't destroying enough jobs. "Too many sectors, such as health care or personal services, are so resistant to automation that they are holding back the entire country's standard of living." Noting that "churn relative to total employment" is the lowest it's ever been, he writes that "The pessimism would be more plausible if the evidence weren't moving in exactly the opposite direction...
"In April, nonfarm private employment rose for the 86th straight month, the longest such streak on record. Monthly job creation has averaged 185,000 this year, more than double what the U.S. can sustain given its demographics. This has driven unemployment down to 4.4%, a 10-year low and below most estimates of 'full employment.' Growing labor shortages have boosted the typical worker's annual wage gain to more than 3% now from 2% in 2012, according to the Federal Reserve Bank of Atlanta. Instead of worrying about robots destroying jobs, business leaders need to figure out how to use them more, especially in low-productivity sectors... The alternative is a tightening labor market that forces companies to pay ever higher wages that must be passed on as inflation, which usually ends with recession. "That is a more imminent threat than an army of androids."Read Replies (0)
By EditorDavid from Slashdot's digital-fingerprints department
This question was inspired by a recent article in Harvard Business Review:
It's become abundantly clear that passwords are an untenable way to secure our data online. And asking your customers to keep track of complicated log-in information is a terrible user experience... The threat to security when relying on passwords is one reason businesses are increasingly migrating to biometric systems. Identity verification through biometrics can ensure greater security for personal information, while also providing customers with a more seamless experience in the digital environment of smartphones, tablets, sensors, and other devices... the idea is to verify someone's identity with a high degree of assurance by tying it to multiple mechanisms at once, known as biometric modalities [which] when used in concert, can provide a significantly safer environment for the customer, and are much easier to use... [I]f an app simultaneously requires a thumbprint, a retina scan, and a vocal recognition signature, it would be close to impossible for a bad actor to replicate that in the seconds needed to open the app.
This got me curious -- are Slashdot's readers already seeing biometric verification systems in their own lives? Share your experiences in the comments, as well as your informed opinion. Do you think businesses should be switching to biometric passwords?Read Replies (0)
By EditorDavid from Slashdot's funded-by-fans department
Amanda Palmer says abandoning the commercial music industry for a subscription model made it possible to take more chances, like a new album with psychedelia artist Edward Ka-Spel. An anonymous reader quotes Digital Trends:
I spent my whole life in this music industry trying to figure out how to sell what I'm making. But I don't "sell" anymore -- I just have this magical net of supporters who are supporting me whether I choose to make a record with Edward or make a record with my dad, which I did last year... [S]ometimes, you absolutely want to do ridiculous, noncommercial stuff. The Patreon patrons have been a godsend in that sense. I've had to continually re-educate myself that this isn't about selling music. It's about making music. I got so used to those two being inseparable that it took a lot of psychological work to divorce the processes.
She says her supporters "haven't just promised; they've put down their credit card." And Neil Gaiman, her husband, also strongly endorses the freedom to experiment. "If, as an artist, you ever listen to your fans' demands, and their demands are always insisting you make the last thing they liked again, you would go nowhere."Read Replies (0)
By EditorDavid from Slashdot's vive-la-difference department
After Sunday's election in France, Macron's victory "is likely to be a boon for the French digital economy and its startup scene," writes a foreign policy think tank blog, "but the country's frosty relationship with U.S. tech companies is likely to remain over the next five years." Yet even before he was elected as France's new president, Emmanuel Macron was already warning the U.S. that withdrawing from the international Paris Climate change agreement could cost America its brightest innovators. Thelasko writes:
French President elect Emmanuel Macron has a message to U.S. scientists and engineers working on climate change. "Please, come to France. You are welcome. It's your nation. We like innovation. We want innovative people. We want people working on climate change, energy renewables and new technologies. France is your nation."
Newsweek reports this week that without America's involvement, the Paris Climate agreement "will have no way of meeting its goals of reducing global net carbon emissions" -- but that Macron could persuade the U.S. to honor its agreement. ("It reportedly took just one phone call conversation between Canadian Prime Minister Justin Trudeau and the president for Trump to reconsider withdrawing entirely for NAFTA, another international agreement signed into law prior to his tenure in the Oval Office.") And in the meantime, Macron has also promised not to cut France's energy-research budget, and will even reinforce it "to accelerate our initiative."Read Replies (0)
By BeauHD from Slashdot's vendor-interface department
Thelasko quotes a report from Ars Technica: Ahead of Google I/O, Google has just dropped a bombshell of a blog post that promises, for real this time, that it is finally doing something about Android's update problems. "Project Treble" is a plan to modularize the Android OS, separating the OS framework code from "vendor specific" hardware code. In theory, this change would allow for a new Android update to be flashed on a device without any involvement from the silicon vendor. Google calls it "the biggest change to the low-level system architecture of Android to date," and it's already live on the Google Pixel's Android O Developer Preview. This is not a magic bullet that will solve all of Android's update problems, however. After an update is released, Google lists three steps to creating an Android update:
1. Silicon manufacturers (Qualcomm, Samsung Exynos, etc) "modify the new release for their specific hardware" and do things like make sure drivers and power management will still work.
2. OEMs (Samsung, LG, HTC) step in and "modify the new release again as needed for their devices." This means making sure all the hardware works, rebranding Android with a custom skin, adding OEM apps, and modifying core parts of the Android OS to add special features like (before 7.0) multi-window support.
3. Carriers add more apps, more branding, and "test and certify the new release."Read Replies (0)
By EditorDavid from Slashdot's Windows-Update department
An anonymous reader quotes the AP:
Teams of technicians worked "round the clock" Saturday to restore hospital computer systems in Britain and check bank or transport services in other nations after a global cyberattack hit dozens of countries and crippled the U.K.'s health system. The worldwide attack was so unprecedented that Microsoft quickly changed its policy and announced that it will make security fixes available for free for older Windows systems, which are still used by millions of individuals and smaller businesses. [Windows XP, Windows 8, and Windows Server 2003]
An anonymous reader writes:
The patches are available for download from here. Microsoft also advises companies and users to disable the Windows Server Message Block version 1 protocol, as it's an old and outdated protocol, already superseded by newer versions, such as SMBv2 and SMBv3...
Microsoft had released a fix for that exploit a month before, in March, in security bulletin MS17-010 [which] included fixes for Windows Vista, Windows 7, Windows 8.1, Windows 10, Windows Server 2008, Windows Server 2012, and Windows Server 2016.
Below the fold are more stories about the WanaDecrypt0r ransomware.Read Replies (0)