By BeauHD from Slashdot's performance-improvements department
Microsoft is including Google's mitigation for the Spectre Variant 2 speculative execution side-channel attack in the next release of Windows 10, currently codenamed 19H1. ZDNet reports: Google developed a software-based mitigation for Spectre Variant 2 called Retpoline that constrains speculative execution behavior sufficiently to mitigate an attack. Google's testing found its fix had a negligible effect on performance. Retpoline was implemented by Linux distributions such as Red Hat and SUSE, as well as by Oracle for Oracle Linux 6 and 7. And now, as MSPoweruser spotted, Microsoft's kernel engineers have confirmed that Retpoline will be part of the next version of Windows 10, 19H1, which is due out next year. Google's Retpoline plus Microsoft's own kernel modifications have reduced the performance impact to "noise level", according to Mehmet Iyigun of Microsoft's Windows and Azure kernel team. "Yes, we have enabled Retpoline by default in our 19H1 flights along with what we call 'import optimization' to further reduce perf impact due to indirect calls in kernel-mode. Combined, these reduce the perf impact of Spectre v2 mitigations to noise-level for most scenarios," wrote Iyigun.
"The bad news is that Microsoft didn't include the Retpoline fix in the latest Windows 10 October 2018 Update Redstone 5, or RS5, release, even though, according to CrowdStrike researcher Alex Ionescu, it could have," reports ZDNet.
By BeauHD from Slashdot's new-and-improved department
An anonymous reader shares new work that could allow us to generate electricity using supercritical carbon dioxide. Ars Technica reports: The researchers involved in the new work, a large U.S.-based collaboration, focus on a composite material: tungsten and zirconium carbide. These have extremely high melting points: 3,700K for both materials. Both of them conduct heat extremely well, and neither of them expands or softens much under these conditions, meaning they would hold up better to the mechanical stresses. While the stats are impressive, the amazing part of this is how the material is fabricated. The researchers started with tungsten carbide, a ceramic that can be formed into a porous material simply by pouring it as a powder into a mold and heating it. At this point, the ceramic can be further machined to produce a final shape. Once in its final form, the ceramic was placed in a bath of a molten mixture of copper and zirconium. The molten mixture filled the pores, and the zirconium reacted with the tungsten carbide, replacing the tungsten. The copper in the molten material formed a thin film on the surface of the solid.
By EditorDavid from Slashdot's putting-it-to-the-testers department
An anonymous reader quotes Gizmodo:
When it was discovered earlier this month that the 1809 build of Windows 10 was deleting user files just because, Microsoft halted the update until the problem was fixed. Shame, then, that another not-as-bad-but-still-bad file overwriting bug has now reared its head. In 1809, overwriting files by extracting from an archive using File Explorer doesn't result in an overwrite prompt dialogue and also doesn't replace any files at all; it just fails silently. There are also some reports that it did overwrite items, but did so silently without asking.
Ars Technica speculates that there's a larger problem with Microsoft's testing process:
[M]any of the preview builds had a bug wherein deleting a directory that was synced to OneDrive crashed the machine. Not only was this bug integrated into the Windows code, it was allowed to ship to end users. This tells us some fundamental things about how Windows is being developed. Either tests do not exist at all for this code (and I've been told that yes, it's permitted to integrate code without tests, though I would hope this isn't the norm), or test failures are being regarded as acceptable, non-blocking issues, and developers are being allowed to integrate code that they know doesn't work properly...
Microsoft's new development process has, proportionately, a greater amount of time spent writing new features, and a reduced amount of time stabilizing and fixing those features. That would be fine if the quality of the features were higher to start with, with the testing infrastructure to support it and higher standards before new code was integrated. But the experience with Windows 10 thus far is that Microsoft hasn't developed the processes and systems needed to sustain this new approach.
By EditorDavid from Slashdot's influence-marketing department
A major new campaign of disinformation around Brexit, designed to stir up U.K. 'Leave' voters, and distributed via Facebook, may have reached over 10 million people in the U.K., according to new research. The source of the campaign is so far unknown, and will be embarrassing to Facebook, which only this week claimed it was clamping down on "dark" political advertising on its platform. Researchers for the U.K.-based digital agency 89up allege that Mainstream Network -- which looks and reads like a "mainstream" news site but which has no contact details or reporter bylines -- is serving hyper-targeted Facebook advertisements aimed at exhorting people in Leave-voting U.K. constituencies to tell their MP to "chuck Chequers." Chequers is the name given to the U.K. Prime Minister's proposed deal with the EU regarding the U.K.'s departure from the EU next year.
ABC News reports:
When the Justice Department unsealed criminal charges detailing a yearslong effort by a Russian troll farm to "sow division and discord in the U.S. political system," it was the first federal case alleging continued foreign interference in U.S. elections. Earlier Friday, American intelligence officials released a rare public statement asserting that Russia, China, Iran and other countries are engaged in ongoing efforts to influence U.S. policy and voters in future elections. The statement didn't provide details on those efforts. That stood in contrast with the criminal charges, which provided a detailed narrative of Russian activities...
By EditorDavid from Slashdot's shooting-stars department
An anonymous reader quotes Space.com:
If you're a meteor enthusiast, the year 2018 has been very kind to you. This past summer, the annual Perseid meteor shower reached its peak the day after a new moon, ensuring that no moonlight would hinder those spotting celestial streakers. And looking ahead to December, the Geminid meteor shower, the most prolific of all of the annual displays, will reach its peak when an almost-first-quarter moon is setting during the late evening hours. This will make for excellent viewing conditions. And coming almost midway between these two popular showers, this weekend brings one of the most reliable meteor events. A sort of lesser version of the summertime Perseids, the Orionid meteor shower should reach its peak activity early on Sunday morning...
[Y]ou should wait until around 2 a.m. in your local time zone, when Orion will have climbed well above the horizon. And just prior to the break of dawn, at around 5 a.m., Orion will appear highest in the sky toward the south. That's when Orionid viewing will be at its best... Past studies have demonstrated that about half of all observed Orionids leave trails that last longer than those of other meteors of equivalent brightness. This is undoubtedly connected to the makeup of Halley's Comet; the object produces meteors that start burning up very high in our atmosphere, at around 80 miles (130 km) up, possibly because they are composed of lightweight material. This suggests they came from the diffuse surface of Halley's nucleus as opposed to its core.
By EditorDavid from Slashdot's wanna-bet? department
Layzej writes: Back in 2005, solar physicists Galina Mashnich and Vladimir Bashkirtsev made a $10,000 bet that global temperatures, driven primarily by changes in the Sun's activity, would fall over the next decade. The bet would compare the then record hot years between 1998 and 2003 with that between 2012 and 2017. With temperatures falling from their peak during the 1998 super El-Nino, and solar output continuing to fall, this seemed like a sure bet. The results are now in and all datasets show that climate modeler James Annan is the clear winner. At the time of the wager, Annan had supposed that the reputation of the scientists involved would be enough to ensure payment once the bet was settled. Unfortunately, as was the case with Alfred Russel Wallace's famous 1870 bet against flat-Earthers, the losing parties have refused to pay up.
"More precisely, Bashkirtsev is refusing to pay," writes the climate modeler on his blog, "and Mashnich is refusing to even reply to email.
"With impressive chutzpah, Bashkirtsev proposed we should arrange a follow-up bet which he would promise to honour."
By EditorDavid from Slashdot's more-than-40-hour-work-weeks department
An anonymous reader quotes Forbes:
Rockstar Games co-founder and VP Dan Houser unleashed a storm of controversy when he casually stated in an interview with Vulture that "We were working 100-hour weeks" putting the finishing touches on Red Dead Redemption 2. Reaction was swift with many condemning the ubiquitous practice of crunch time in the video game industry in general and Rockstar's history of imposing harsh demands on its employees in particular... Houser responded that he was talking about a senior writing team of four people working over a three-week period. This kind of intense short-term engagement was common for the team which had been working together for 12 years. Houser went on to say that Rockstar doesn't "ask or expect anyone to work anything like this". Employees are given the option of working excessive overtime but doing so is a "choice" not a requirement.
A QA tester at Rockstar's Lincoln studio in the UK has taken to Reddit to answer questions and clarify misconceptions about overtime at Rockstar that have arisen in the wake of Houser's comments.... He has no knowledge of working conditions at other Rockstar studios. The first thing the poster points out is that he and other QA testers (with the possible exception of salaried staff) are paid for their overtime work. He then writes "The other big thing is that this overtime is NOT optional, it is expected of us. If we are not able to work overtime on a certain day without a good reason, you have to make it up on another day. This usually means that if you want a full weekend off that you will have to work a double weekend to make up for it... We have been in crunch since October 9th 2017 which is before I started working here...."
By EditorDavid from Slashdot's status-updates department
The November issue of Popular Mechanics includes a message from its editors that Elon Musk is "under attack," arguing that while some criticisms have merit, "much of it is myopic and small-brained, from sideline observers gleefully salivating at the opportunity to take him down a peg."
But what have these stock analysts and pontificators done for humanity? Elon Musk is an engineer at heart, a tinkerer, a problem-solver -- the kind of person Popular Mechanics has always championed -- and the problems he's trying to solve are hard. Really hard. He could find better ways to spend his money, that's for sure. And yet there he is, trying to build gasless cars and build reusable rockets and build tunnels that make traffic go away. For all his faults and unpredictability, we need him out there doing that. We need people who have ideas. We need people who take risks. We need people who try.
The magazine includes statements from 12 high-profile supporters, including investor Mark Cuban, who writes "When you invest in a company run by an entrepreneur like Elon, you are investing in the mindset and approach that an entrepreneur brings to the table as much as you are valuing the net present value of future cash flows. That is not typical for public companies that are overwhelmingly run by hired CEOs. My advice for Elon is simple: Be yourself. Be true to your mission. Respect your investors. Ignore your critics."
Meanwhile, in a Friday post on Twitter, Musk jokingly claimed that he'd purchased and then deleted the game of Fortnite, posting a doctored Marketwatch article quoting him as saying "I had to save these kids from eternal virginity."
"Had to been done," tweeted Musk, adding "ur welcome".
By EditorDavid from Slashdot's batches-of-patches department
America's Multi-State Information Sharing & Analysis Center is operated in collaboration with its Department of Homeland Security's Office of Cybersecurity and Communications -- and they've got some bad news.
MS-ISAC released an advisory warning government agencies, businesses, and home users of multiple high-risk security issues in PHP that can allow attackers to execute arbitrary code. Furthermore, if the PHP vulnerabilities are not successfully exploited, attackers could still induce a denial-of-service condition rendering the probed servers unusable... The PHP Group has issued fixes in the PHP 7.1.23 and 7.2.11 releases for all the high-risk bugs that could lead to DoS and arbitrary code execution in all vulnerable PHP 7.1 and 7.2 versions before these latest updates.
But meanwhile, Threatpost reported this week that 62% of the world's web sites are still running PHP version 5 -- even though its end of life is December 31st. "The deadlines will not be extended, and it is critical that PHP-based websites are upgraded to ensure that security support is provided," warned a recent CERT notice.
So far Drupal is the only CMS posting an official notice requiring upgrades to PHP 7 (by March, three months after PHP 5.6's end-of-life deadline). Threatpost notes that "There has been no such notice from WordPress or Joomla."
By EditorDavid from Slashdot's willing-to-commit department
An anonymous reader quotes Martin Monperrus, a professor of software at Stockholm's KTH Royal Institute of Technology:
Repairnator is a bot. It constantly monitors software bugs discovered during continuous integration of open-source software and tries to fix them automatically. If it succeeds in synthesizing a valid patch, Repairnator proposes the patch to the human developers, disguised under a fake human identity. To date, Repairnator has been able to produce 5 patches that were accepted by the human developers and permanently merged in the code base...
It analyzes bugs and produces patches, in the same way as human developers involved in software maintenance activities. This idea of a program repair bot is disruptive, because today humans are responsible for fixing bugs. In other words, we are talking about a bot meant to (partially) replace human developers for tedious tasks.... [F]or a patch to be human-competitive 1) the bot has to synthesize the patch faster than the human developer 2) the patch has to be judged good-enough by the human developer and permanently merged in the code base.... We believe that Repairnator prefigures a certain future of software development, where bots and humans will smoothly collaborate and even cooperate on software artifacts.
Their fake identity was a software engineer named Luc Esape, with a profile picture that "looks like a junior developer, eager to make open-source contributions... humans tend to have a priori biases against machines, and are more tolerant to errors if the contribution comes from a human peer. In the context of program repair, this means that developers may put the bar higher on the quality of the patch, if they know that the patch comes from a bot."
By EditorDavid from Slashdot's second-planet-to-the-right department
NASA recently developed a program for manned missions to explore Venus -- even though the planet's surface is 860 degrees, which NASA explains is "hot enough to melt lead." Long-time Slashdot reader Zorro shares this week's article from Newsweek:
As surprising as it may seem, the upper atmosphere of Venus is the most Earth-like location in the solar system. Between altitudes of 30 miles and 40 miles, the pressure and temperature can be compared to regions of the Earth's lower atmosphere. The atmospheric pressure in the Venusian atmosphere at 34 miles is about half that of the pressure at sea level on Earth. In fact you would be fine without a pressure suit, as this is roughly equivalent to the air pressure you would encounter at the summit of Mount Kilimanjaro. Nor would you need to insulate yourself as the temperature here ranges between 68 degrees Fahrenheit and 86 degrees Fahrenheit. The atmosphere above this altitude is also dense enough to protect astronauts from ionising radiation from space. The closer proximity of the sun provides an even greater abundance of available solar radiation than on Earth, which can be used to generate power (approximately 1.4 times greater).... [C]onceivably you could go for a walk on a platform outside the airship, carrying only your air supply and wearing a chemical hazard suit.
Venus is 8 million miles closer to Earth than Mars (though it's 100 times further away than the moon). But the atmosphere around Venus contains traces of sulphuric acid (responsible for its dense clouds), so the vessel would need to be made of a corrosion-resistant material like Teflon. (One NASA paper explored the possibility of airborne microbes living in Venus's atmosphere.) There's a slick video from NASA's Langley Research Center titled "A way to explore Venus" showcasing HAVOC -- "High Altitude Venus Operational Concept."
By EditorDavid from Slashdot's flight-tests department
Long-time Slashdot reader Freshly Exhumed writes:
Researchers at the University of Dayton Research Institute [Impact Physics Lab] have shown in a video what can happen when a high-mass, consumer-level drone strikes the wing of an aircraft. They provide visual evidence of the damage a 2.1-pound DJI Phantom 2 videography quadcopter would have upon the wing of a Mooney M20, a small, private aircraft. It is not difficult to extrapolate the effects upon an airliner in a similar situation. "We wanted to help the aviation community and the drone industry understand the dangers that even recreational drones can pose to manned aircraft before a significant event occurs," said Kevin Poormon of UDRI.
The video -- titled "Risk in the Sky?" -- simulates a collision at 238 mph in which the drone tears open the wing's leading edge.
"While the quadcopter broke apart, its energy and mass hung together to create significant damage to the wing," said Kevin Poormon, group leader for impact physics at UDRI.
By EditorDavid from Slashdot's self-driving-people department
Car enthusiast McKeel Hagerty -- also the CEO of America's largest insurer of classic cars -- recently told a Detroit newspaper about his "Save Driving" campaign to preserve human driving for future generations.
Hagerty said he wants people-driven cars to share the roads, not surrender them, with robot cars. "Driving and the car culture are meaningful for a lot of people," said Hagerty, who still owns the first car he bought 37 years ago for $500. It's a 1967 Porsche 911S, which he restored with his dad. "We feel the car culture needs a champion." Hagerty said he will need 6 million members to have the clout to preserve human driving in the future, but he is not alone in the quest to drum up that support. The Human Driving Association was launched in January and it already has 4,000 members. Both movements have a growing following as many consumers distrust the evolving self-driving car technology, studies show...
[S]ome people fear losing the freedom of personal car ownership and want to have control of their own mobility. They distrust autonomous technology and they worry about the loss of privacy... In Cox Automotive's Evolution of Mobility study released earlier this year, nearly half of the 1,250 consumers surveyed said they would "never" buy a fully autonomous car and indicated they did not believe roads would be safer if all vehicles were self-driving. The study showed 68 percent said they would feel "uncomfortable" riding in a car driven fully by a computer. And 84 percent said people should have the option to drive themselves even in an autonomous vehicle. The study showed people's perception of self-driving cars' safety is dwindling. When asked whether the roads would be safer if all vehicles were fully autonomous, 45 percent said yes, compared with 63 percent who answered yes in 2016's study....
By EditorDavid from Slashdot's beyond-the-repository department
An anonymous reader quotes TechCrunch:
For the longest time, GitHub was all about storing source code and sharing it either with the rest of the world or your colleagues. Today, the company, which is in the process of being acquired by Microsoft, is taking a step in a different but related direction by launching GitHub Actions. Actions allow developers to not just host code on the platform but also run it. We're not talking about a new cloud to rival AWS here, but instead about something more akin to a very flexible IFTTT for developers who want to automate their development workflows, whether that is sending notifications or building a full continuous integration and delivery pipeline.
This is a big deal for GitHub. Indeed, Sam Lambert, GitHub's head of platform, described it to me as "the biggest shift we've had in the history of GitHub... I see Continuous Integration/Continuous Delivery as one narrow use case of actions. It's so, so much more," Lambert stressed. "And I think it's going to revolutionize DevOps because people are now going to build best in breed deployment workflows for specific applications and frameworks, and those become the de facto standard shared on GitHub... It's going to do everything we did for open source again for the DevOps space and for all those different parts of that workflow ecosystem...."
Over time -- and Lambert seemed to be in favor of this -- GitHub could also allow developers to sell their workflows and Actions through the GitHub marketplace. For now, that's not an option, but it's definitely something the company has been thinking about. Lambert also noted that this could be a way for open source developers who don't want to build an enterprise version of their tools (and the sales force that goes with that) to monetize their efforts.
By EditorDavid from Slashdot's crime-doesn't-pay department
An anonymous reader writes:
A 44-year-old, Georgia-based programmer -- who'd been working at Equifax since 2003 -- has been sentenced to eight months of home confinement and a $50,000 fine for insider trading. Working as Equifax's Production Development Manager of Software Engineering in August of 2017, he'd been asked to create a web site where customers could query a database to see if they were affected by a yet-to-be-announced security breach for a high-profile client. Guessing correctly that it was his own employer's breach, he'd used his wife's brokerage account to purchase $2,166.11 in "put" options betting that Equifax's stock price would tumble -- and when it did, he'd scored a hefty profit of $75,167.68.
"As part of his SEC settlement, he must also forfeit $75,979, the ill-gotten funds, plus interest," ZDNet reports, noting that the transactions "came to light after Equifax started internal investigations into several reported cases of employee insider trading." Another federal complaint also alleges that another Equifax executive avoided $117,000 in losses by selling all $1 million of his stock options -- the same day he'd performed a web search about how Experian's stock was affected by a 2015 security breach, but two weeks before Equifax's breach was announced. That case is still ongoing.