By EditorDavid from Slashdot's beyond-the-repository department
An anonymous reader quotes TechCrunch:
For the longest time, GitHub was all about storing source code and sharing it either with the rest of the world or your colleagues. Today, the company, which is in the process of being acquired by Microsoft, is taking a step in a different but related direction by launching GitHub Actions. Actions allow developers to not just host code on the platform but also run it. We're not talking about a new cloud to rival AWS here, but instead about something more akin to a very flexible IFTTT for developers who want to automate their development workflows, whether that is sending notifications or building a full continuous integration and delivery pipeline.
This is a big deal for GitHub. Indeed, Sam Lambert, GitHub's head of platform, described it to me as "the biggest shift we've had in the history of GitHub... I see Continuous Integration/Continuous Delivery as one narrow use case of actions. It's so, so much more," Lambert stressed. "And I think it's going to revolutionize DevOps because people are now going to build best in breed deployment workflows for specific applications and frameworks, and those become the de facto standard shared on GitHub... It's going to do everything we did for open source again for the DevOps space and for all those different parts of that workflow ecosystem...."
Over time -- and Lambert seemed to be in favor of this -- GitHub could also allow developers to sell their workflows and Actions through the GitHub marketplace. For now, that's not an option, but it's definitely something the company has been thinking about. Lambert also noted that this could be a way for open source developers who don't want to build an enterprise version of their tools (and the sales force that goes with that) to monetize their efforts.
By EditorDavid from Slashdot's crime-doesn't-pay department
An anonymous reader writes:
A 44-year-old, Georgia-based programmer -- who'd been working at Equifax since 2003 -- has been sentenced to eight months of home confinement and a $50,000 fine for insider trading. Working as Equifax's Production Development Manager of Software Engineering in August of 2017, he'd been asked to create a web site where customers could query a database to see if they were affected by a yet-to-be-announced security breach for a high-profile client. Guessing correctly that it was his own employer's breach, he'd used his wife's brokerage account to purchase $2,166.11 in "put" options betting that Equifax's stock price would tumble -- and when it did, he'd scored a hefty profit of $75,167.68.
"As part of his SEC settlement, he must also forfeit $75,979, the ill-gotten funds, plus interest," ZDNet reports, noting that the transactions "came to light after Equifax started internal investigations into several reported cases of employee insider trading." Another federal complaint also alleges that another Equifax executive avoided $117,000 in losses by selling all $1 million of his stock options -- the same day he'd performed a web search about how Experian's stock was affected by a 2015 security breach, but two weeks before Equifax's breach was announced. That case is still ongoing.
By BeauHD from Slashdot's long-overdue department
Winamp, the world's most famous media player, has released version 5.8 to make it compatible with today's modern operating systems such as Windows 8.1 and Windows 10. Bleeping Computer notes that there hasn't been a new update released since 2014, when Radionomy purchased Winamp from AOL. Some other new features include standalone audio player support, an auto-fullscreen option for videos, updated scrollbars and buttons, and bug fixes. From the report: Radionomy has stated that they are not stopping here and have big plans for Winamp. In an interview with TechCrunch, Radionomy CEO Alexandre Saboundjian revealed that a massive release is planned for 2019 that aims to add cloud support for streaming music, podcasts, and more. "There will be a completely new version next year, with the legacy of Winamp but a more complete listening experience," Saboundjian stated in the interview. "You can listen to the MP3s you may have at home, but also to the cloud, to podcasts, to streaming radio stations, to a playlist you perhaps have built."
By BeauHD from Slashdot's flying-under-the-radar department
Slashdot reader generic shares a report from ZDNet: For at least three years, hackers have abused a zero-day in one of the most popular jQuery plugins to plant web shells and take over vulnerable web servers, ZDNet has learned. The vulnerability impacts the jQuery File Upload plugin authored by prodigious German developer Sebastian Tschan, most commonly known as Blueimp. The plugin is the second most starred jQuery project on GitHub, after the jQuery framework itself. It is immensely popular, has been forked over 7,800 times, and has been integrated into hundreds, if not thousands, of other projects, such as CMSs, CRMs, Intranet solutions, WordPress plugins, Drupal add-ons, Joomla components, and so on.
Earlier this year, Larry Cashdollar, a security researcher for Akamai's SIRT (Security Intelligence Response Team), discovered a vulnerability in the plugin's source code that handles file uploads to PHP servers. Cashdollar says that attackers can abuse this vulnerability to upload malicious files on servers, such as backdoors and web shells. The Akamai researcher says the vulnerability has been exploited in the wild. "I've seen stuff as far back as 2016," the researcher told ZDNet in an interview. The vulnerability was one of the worst kept secrets of the hacker scene and appears to have been actively exploited, even before 2016. Cashdollar found several YouTube videos containing tutorials on how one could exploit the jQuery File Upload plugin vulnerability to take over servers. One of three YouTube videos Cashdollar shared with ZDNet is dated August 2015. Thankfully, the CVE-2018-9206 identifier was pushed earlier this month to address this issue. "All jQuery File Upload versions before 9.22.1 are vulnerable," reports ZDNet. "Since the vulnerability affected the code for handling file uploads for PHP apps, other server-side implementations should be considered safe."
By BeauHD from Slashdot's new-and-improved department
MojoKid writes: Intel lifted the embargo veil today on performance results for its new Core i9-9900K 9th Gen 8-core processor. Intel claims the chip is "the best CPU for gaming" due to its high clock speeds and monolithic 8-core/16-thread design that has beefier cache memory (now 16MB). The chip also has 16 lanes of on-chip PCIe connectivity, official support for dual-channel memory up to DDR4-2666, and a 95 watt TDP. Intel also introduced two other 9th Gen chips today. Intel's Core i7-9700K is also an 8-core processor, but lacks HyperThreading, is clocked slightly lower, and has 4MB of smart cache disabled (12MB total). The Core i5-9600K takes things down to 6 cores / 6 threads, with a higher base clock, but lower boost clock and only 9MB of smart cache. In benchmark testing, the high-end Core i9-9900K's combination of Intel's latest microarchitecture and boost frequencies of up to 5GHz resulted in the best single-threaded performance seen from a desktop processor to date. The chip's 8 cores and 16 threads, larger cache, and higher clocks also resulted in some excellent multi-threaded scores that came close to catching some of Intel's many-core Core X HEDT processors in a few tests. The Core i9-9900K is a very fast processor, but it is also priced as such at $488 in 1KU quantities. That makes it about $185 to $225 pricier than AMD's Ryzen 7 2700X, which is currently selling for about $304 and performs within 3% to 12% of Intel's 8-core chip, depending on workload type.
By BeauHD from Slashdot's lips-sealed department
An anonymous reader quotes a report from TechCrunch: Thermostats know the temperature of your house, and smart cameras and sensors know when someone's walking around your home. Smart assistants know what you're asking for, and smart doorbells know who's coming and going. And thanks to the cloud, that data is available to you from anywhere -- you can check in on your pets from your phone or make sure your robot vacuum cleaned the house. Because the data is stored or accessible by the smart home tech makers, law enforcement and government agencies have increasingly sought out data from the companies to solve crimes. And device makers won't say if your smart home gadgets have been used to spy on you. We asked some of the most well-known smart home makers on the market if they plan on releasing a transparency report, or disclose the number of demands they receive for data from their smart home devices. For the most part, we received fairly dismal responses. Amazon did not respond to requests for comment, but a spokesperson for the company said last year that it would not reveal the figures for its Echo smart speakers. Facebook said that its transparency report section will include "any requests related to Portal," its new hardware screen with a camera and a microphone. A spokesperson for the company did not comment on if the company will break out the hardware figures separately. Google also declined to comment, but did point TechCrunch to Nest's transparency report. Apple, the last of the big tech giants, said that there's no need to disclose its smart home figures because there would be nothing to report, adding that user requests made to HomePod are given a random identifier that cannot be tied to a person. TechCrunch also asked a number of smaller smart home players, like August, iRobot, Arlo, Ring, Honeywell, Canary, Samsung, and Ecobee.
By BeauHD from Slashdot's lost-memories department
Some users on Reddit and Google's support forums are reporting an issue in which taking a photo using Google Camera occasionally fails to save. The issue appears to be widespread, "affecting original Pixel phones as well as the Pixel 2 / 2 XL," reports The Verge. From the report: The issue occurs specifically in cases when the user takes a photo with Google Camera, and switches to another app or locks the phone immediately after. Users are able to see a thumbnail of the photo in the Camera gallery circle, but upon tapping it, the photo disappears. On some occasions, the photo doesn't appear at all at first, but it will reappear in their gallery a day later.
There are also some reports of Galaxy S9, Moto Z2, Moto E4, and Nexus 5X owners experiencing the issue after using Google Camera, so it's unclear whether the issue is limited to Pixel phones or if it's connected to a larger Android bug. For now, users have come up with a workaround for an issue they believe is related to HDR photo processing time. Reddit user erbat suggests leaving the camera app open until HDR processing completes or turning off the HDR function completely.
By msmash from Slashdot's end-of-road department
Liquavista, a screen tech company Amazon acquired five years ago, has shut down. Rumblings of Liquavista's potential closure have been bouncing around the e-reader community for more than six months. It remains unclear if Liquavista's work has been brought inside Amazon and moved to other parts of the organization, or if it was shut down entirely. Amazon declined to release further details. From a report: Launched in 2006 as a spin off from Philips, Liquavista had been developing a unique type of screen tech that was based on running an electric current through a liquid. This is called electrowetting technology, which is a fancy way of saying that each pixel in a Liquavista screen contained 3 liquids (red, green, blue), and that the color shown by a pixel depended on the amount of power fed into each liquid. [...] The screens were originally being developed as a solution to the battery life issue. Mobile battery life was terrible back in the pre-iPad, pre-iPhone, and pre-netbook era, and people were willing to pay a premium for a screen which used less power than typical LCD screens.
By BeauHD from Slashdot's comes-at-a-cost department
An anonymous reader quotes a report from Ars Technica: Elon Musk took to Twitter on Thursday evening to inform his followers of a new addition to the Model 3 lineup. This is not the long-awaited $35,000 version, however; the mid-range Model 3 starts at $45,000. Musk also revealed that the Model 3 ordering process has been simplified and now has fewer options. One that's missing -- from all new Tesla orders, not just the Model 3 -- is the controversial "full self-driving" option. The reason? It was "causing too much confusion," Musk tweeted. The mid-range Model 3s will be rear-wheel drive only, prompting some to wonder if the company was using software to limit battery capacity on existing RWD inventory in order to get it out of the door. But Tesla says it's able to build these slightly cheaper cars by using the same battery pack as the more expensive, longer-range cars but with fewer cells inside (so no future software upgrades can increase their range at a later date). While Tesla is promoting the car as costing as little as $30,700 by factoring in "gas savings" and all federal and local tax incentives, it did also announce last week that any new Tesla delivered after October 15th might not ship before the beginning of next year. As Ars Technica notes, "Any new Tesla delivered after January 1st 2019 (but before July 1st 2019) is only eligible for a $3,750 IRS credit."
By msmash from Slashdot's closer-look department
Like fingerprints, no 3D printer is exactly the same. That's the takeaway from a new University at Buffalo-led study that describes what's believed to be the first accurate method for tracing a 3D-printed object to the machine it came from. From the study: The advancement, which the research team calls "PrinTracker," could ultimately help law enforcement and intelligence agencies track the origin of 3D-printed guns, counterfeit products and other goods. "3D printing has many wonderful uses, but it's also a counterfeiter's dream. Even more concerning, it has the potential to make firearms more readily available to people who are not allowed to possess them," says the study's lead author Wenyao Xu, PhD, associate professor of computer science and engineering in UB's School of Engineering and Applied Sciences. [...] To understand the method, it's helpful to know how 3D printers work. Like a common inkjet printer, 3D printers move back-and-forth while "printing" an object. Instead of ink, a nozzle discharges a filament, such as plastic, in layers until a three-dimensional object forms. Each layer of a 3D-printed object contains tiny wrinkles -- usually measured in submillimeters -- called in-fill patterns. These patterns are supposed to be uniform. However, the printer's model type, filament, nozzle size and other factors cause slight imperfections in the patterns. The result is an object that does not match its design plan.
By msmash from Slashdot's stranger-things department
Louis Rossmann says US Customs and Border Patrol seized $1,000 worth of laptop batteries, claiming they were counterfeit. From a report: Earlier this year, Louis Rossmann, the highest-profile iPhone and Mac repair professional in the United States, told Motherboard that determining "the difference between counterfeiting and refurbishing is going to be the next big battle" between the independent repair profession and Apple. At the time, his friend and fellow independent repair pro, Jessa Jones, had just had a shipment of iPhone screens seized by Customs and Border Patrol. Rossmann was right: His repair parts were also just seized by the US government. Last month, US Customs and Border Protection (CBP) seized a package containing 20 Apple laptop batteries en route to Rossmann's store in New York City. The laptop batteries were en route from China to Rossmann Repair Group -- a NYC-based repair store that specializes in Apple products. "Apple and customs seized batteries to a computer that, at [the Apple Store], they no longer service because they claim it's vintage," Rossmann, the owner and operator of Rossmann Repair Group, said in a YouTube video. "They will not allow me to replace batteries, because when I import batteries that are original they'll tell me they're counterfeit and have them stolen from me by [CBP]." CBP seized the batteries on September 6, then notified Rossmann via a letter dated October 5. Rossmann produced the letter in its entirety in his video.
By msmash from Slashdot's gaming-the-system department
A new report sheds some light on the issue of paid click farms gaming Apple's long-running list of Top Podcasts. From a report: Earlier this month, Apple's long-running list of Top Podcasts began to exhibit some unusual issues -- no-name podcasts vaulting over popular, well-established ones -- but the company appeared to quickly fix its chart. Unfortunately, the problems have popped up again, and an analysis from podcast industry tracker Chartable suggests that paid click farms are now gaming the list, which it calls "the closest thing to the Billboard Top 100 in the podcast world." In theory, Apple's podcast popularity rankings might not matter -- podcasts are free, and Apple's only one source of such rankings. But after introducing its Podcast Directory in 2005, Apple became the world's largest aggregator of such programming, and its rankings serve two purposes: showing listeners what's hot, and helping advertisers determine which shows to support, thereby keeping their creators afloat. The core problem is that Apple's Top Podcasts chart appears to use a poor and easily manipulated ranking metric. Chartable believes that it's based entirely upon a podcast's total number of new subscribers over the past week, with weights assigned to movement in the past one to three days.
By msmash from Slashdot's unprecedented department
John Paczkowski and Joseph Bernstein, reporting for BuzzFeed News: Apple CEO Tim Cook, in an interview with BuzzFeed News, went on the record for the first time to deny allegations that the company was the victim of a hardware-based attack carried out by the Chinese government. And, in an unprecedented move for the company, he called for a retraction of the story that made this claim. Earlier this month Bloomberg Businessweek published an investigation alleging Chinese spies had compromised some 30 US companies by implanting malicious chips into Silicon Valley-bound servers during their manufacture in China. The chips, Bloomberg reported, allowed the attackers to create "a stealth doorway" into any network running on a server in which they were embedded. Apple was alleged to be among the companies attacked, and a focal point of the story. [...] "We turned the company upside down," Cook said. "Email searches, datacenter records, financial records, shipment records. We really forensically whipped through the company to dig very deep and each time we came back to the same conclusion: This did not happen. There's no truth to this." A Bloomberg spokesperson said, "We stand by our story and are confident in our reporting and sources."