By EditorDavid from Slashdot's more-than-40-hour-work-weeks department
An anonymous reader quotes Forbes:
Rockstar Games co-founder and VP Dan Hauser unleashed a storm of controversy when he casually stated in an interview with Vulture that "We were working 100-hour weeks" putting the finishing touches on Red Dead Redemption 2. Reaction was swift with many condemning the ubiquitous practice of crunch time in the video game industry in general and Rockstar's history of imposing harsh demands on its employees in particular... Hauser responded that he was talking about a senior writing team of four people working over a three-week period. This kind of intense short-term engagement was common for the team which had been working together for 12 years. Hauser went on to say that Rockstar doesn't "ask or expect anyone to work anything like this". Employees are given the option of working excessive overtime but doing so is a "choice" not a requirement.
A QA tester at Rockstar's Lincoln studio in the UK has taken to Reddit to answer questions and clarify misconceptions about overtime at Rockstar that have arisen in the wake of Hauser's comments.... He has no knowledge of working conditions at other Rockstar studios. The first thing the poster points out is that he and other QA testers (with the possible exception of salaried staff) are paid for their overtime work. He then writes "The other big thing is that this overtime is NOT optional, it is expected of us. If we are not able to work overtime on a certain day without a good reason, you have to make it up on another day. This usually means that if you want a full weekend off that you will have to work a double weekend to make up for it... We have been in crunch since October 9th 2017 which is before I started working here...."
< article continued at Slashdot's more-than-40-hour-work-weeks department
>Read Replies (0)
By EditorDavid from Slashdot's status-updates department
The November issue of Popular Mechanics includes a message from its editors that Elon Musk is "under attack," arguing that while some criticisms have merit, "much of it is myopic and small-brained, from sideline observers gleefully salivating at the opportunity to take him down a peg."
But what have these stock analysts and pontificators done for humanity? Elon Musk is an engineer at heart, a tinkerer, a problem-solver -- the kind of person Popular Mechanics has always championed -- and the problems he's trying to solve are hard. Really hard. He could find better ways to spend his money, that's for sure. And yet there he is, trying to build gasless cars and build reusable rockets and build tunnels that make traffic go away. For all his faults and unpredictability, we need him out there doing that. We need people who have ideas. We need people who take risks. We need people who try.
The magazine includes statements from 12 high-profile supporters, including investor Mark Cuban, who writes "When you invest in a company run by an entrepreneur like Elon, you are investing in the mindset and approach that an entrepreneur brings to the table as much as you are valuing the net present value of future cash flows. That is not typical for public companies that are overwhelmingly run by hired CEOs. My advice for Elon is simple: Be yourself. Be true to your mission. Respect your investors. Ignore your critics."
Meanwhile, in a Friday post on Twitter, Musk jokingly claimed that he'd purchased and then deleted the game of Fortnite, posting a doctored Marketwatch article quoting him as saying "I had to save these kids from eternal virginity."
"Had to been done," tweeted Musk, adding "ur welcome".Read Replies (0)
By EditorDavid from Slashdot's batches-of-patches department
America's Multi-State Information Sharing & Analysis Center is operated in collaboration with its Department of Homeland Security's Office of Cybersecurity and Communications -- and they've got some bad news.
MS-ISAC released an advisory warning government agencies, businesses, and home users of multiple high-risk security issues in PHP that can allow attackers to execute arbitrary code. Furthermore, if the PHP vulnerabilities are not successfully exploited, attackers could still induce a denial-of-service condition rendering the probed servers unusable... The PHP Group has issued fixes in the PHP 7.1.23 and 7.2.11 releases for all the high-risk bugs that could lead to DoS and arbitrary code execution in all vulnerable PHP 7.1 and 7.2 versions before these latest updates.
But meanwhile, Threatpost reported this week that 62% of the world's web sites are still running PHP version 5 -- even though its end of life is December 31st. "The deadlines will not be extended, and it is critical that PHP-based websites are upgraded to ensure that security support is provided," warned a recent CERT notice.
So far Drupal is the only CMS posting an official notice requiring upgrades to PHP 7 (by March, three months after the PHP 5.6's end of life deadline). Threatpost notes that "There has been no such notice from WordPress or Joomla."Read Replies (0)
By EditorDavid from Slashdot's willing-to-commit department
An anonymous reader quotes Martin Monperrus, a professor of software at Stockholm's KTH Royal Institute of Technology:
Repairnator is a bot. It constantly monitors software bugs discovered during continuous integration of open-source software and tries to fix them automatically. If it succeeds to synthesize a valid patch, Repairnator proposes the patch to the human developers, disguised under a fake human identity. To date, Repairnator has been able to produce 5 patches that were accepted by the human developers and permanently merged in the code base...
It analyzes bugs and produces patches, in the same way as human developers involved in software maintenance activities. This idea of a program repair bot is disruptive, because today humans are responsible for fixing bugs. In others words, we are talking about a bot meant to (partially) replace human developers for tedious tasks.... [F]or a patch to be human-competitive 1) the bot has to synthesize the patch faster than the human developer 2) the patch has to be judged good-enough by the human developer and permanently merged in the code base.... We believe that Repairnator prefigures a certain future of software development, where bots and humans will smoothly collaborate and even cooperate on software artifacts.
Their fake identity was a software engineer named Luc Esape, with a profile picture that "looks like a junior developer, eager to make open-source contributions... humans tend to have a priori biases against machines, and are more tolerant to errors if the contribution comes from a human peer. In the context of program repair, this means that developers may put the bar higher on the quality of the patch, if they know that the patch comes from a bot."
< article continued at Slashdot's willing-to-commit department
>Read Replies (0)
By EditorDavid from Slashdot's second-planet-to-the-right department
NASA recently developed a program for manned missions to explore Venus -- even though the planet's surface is 860 degrees, which NASA explains is "hot enough to melt lead." Long-time Slashdot reader Zorro shares this week's article from Newsweek:
As surprising as it may seem, the upper atmosphere of Venus is the most Earth-like location in the solar system. Between altitudes of 30 miles and 40 miles, the pressure and temperature can be compared to regions of the Earth's lower atmosphere. The atmospheric pressure in the Venusian atmosphere at 34 miles is about half that of the pressure at sea level on Earth. In fact you would be fine without a pressure suit, as this is roughly equivalent to the air pressure you would encounter at the summit of Mount Kilimanjaro. Nor would you need to insulate yourself as the temperature here ranges between 68 degrees Fahrenheit and 86 degrees Fahrenheit. The atmosphere above this altitude is also dense enough to protect astronauts from ionising radiation from space. The closer proximity of the sun provides an even greater abundance of available solar radiation than on Earth, which can be used to generate power (approximately 1.4 times greater).... [C]onceivably you could go for a walk on a platform outside the airship, carrying only your air supply and wearing a chemical hazard suit.
Venus is 8 million miles closer to Earth than Mars (though it's 100 times further away than the moon). But the atmosphere around Venus contains traces of sulphuric acid (responsible for its dense clouds), so the vessel would need to be corrosion-resistant material like teflon. (One NASA paper explored the possibility of airbone microbes living in Venus's atmosphere.) There's a slick video from NASA's Langley Research Center titled "A way to explore Venus" showcasing HAVOC -- "High Altitude Venus Operational Concept."
< article continued at Slashdot's second-planet-to-the-right department
>Read Replies (0)
By EditorDavid from Slashdot's flight-tests department
Long-time Slashdot reader Freshly Exhumed writes:
Researchers at the University of Dayton Research Institute [Impact Physics Lab] have shown in a video what can happen when a high-mass, consumer-level drone strikes the wing of an aircraft. They provide visual evidence of the damage a 2.1-pound DJI Phantom 2 videography quadcopter would have upon the wing of a Mooney M20, a small, private aircraft. It is not difficult to extrapolate the effects upon an airliner in a similar situation. "We wanted to help the aviation community and the drone industry understand the dangers that even recreational drones can pose to manned aircraft before a significant event occurs," said Kevin Poormon of UDRI.
The video -- titled "Risk in the Sky?" -- simulates a collision at 238 mph in which the drone tears open the wing's leading edge.
"While the quadcopter broke apart, its energy and mass hung together to create significant damage to the wing," said Kevin Poormon, group leader for impact physics at UDRI.Read Replies (0)
By EditorDavid from Slashdot's self-driving-people department
Car enthusiast McKeel Hagerty -- also the CEO America's largest insurer of classic cars -- recently told a Detroit newspaper about his "Save Driving" campaign to preserve human driving for future generations.
Hagerty said he wants people-driven cars to share the roads, not surrender them, with robot cars. "Driving and the car culture are meaningful for a lot of people," Hagerty said, who still owns the first car he bought 37 years ago for $500. It's a 1967 Porsche 911S, which he restored with his dad. "We feel the car culture needs a champion." Hagerty said he will need 6 million members to have the clout to preserve human driving in the future, but he is not alone in the quest to drum up that support. The Human Driving Association was launched in January and it already has 4,000 members. Both movements have a growing following as many consumers distrust the evolving self-driving car technology, studies show...
[S]ome people fear losing the freedom of personal car ownership and want to have control of their own mobility. They distrust autonomous technology and they worry about the loss of privacy... In Cox Automotive's Evolution of Mobility study released earlier this year, nearly half of the 1,250 consumers surveyed said they would "never" buy a fully autonomous car and indicated they did not believe roads would be safer if all vehicles were self-driving. The study showed 68 percent said they would feel "uncomfortable" riding in car driven fully by a computer. And 84 percent said people should have the option to drive themselves even in an autonomous vehicle. The study showed people's perception of self-driving cars' safety is dwindling. When asked whether the roads would be safer if all vehicles were fully autonomous, 45 percent said yes, compared with 63 percent who answered yes in 2016's study....
< article continued at Slashdot's self-driving-people department
>Read Replies (0)
By EditorDavid from Slashdot's beyond-the-repository department
An anonymous reader quotes TechCrunch:
For the longest time, GitHub was all about storing source code and sharing it either with the rest of the world or your colleagues. Today, the company, which is in the process of being acquired by Microsoft, is taking a step in a different but related direction by launching GitHub Actions. Actions allow developers to not just host code on the platform but also run it. We're not talking about a new cloud to rival AWS here, but instead about something more akin to a very flexible IFTTT for developers who want to automate their development workflows, whether that is sending notifications or building a full continuous integration and delivery pipeline.
This is a big deal for GitHub. Indeed, Sam Lambert, GitHub's head of platform, described it to me as "the biggest shift we've had in the history of GitHub... I see Continuous Integration/Continuous Delivery as one narrow use case of actions. It's so, so much more," Lambert stressed. "And I think it's going to revolutionize DevOps because people are now going to build best in breed deployment workflows for specific applications and frameworks, and those become the de facto standard shared on GitHub... It's going to do everything we did for open source again for the DevOps space and for all those different parts of that workflow ecosystem...."
Over time -- and Lambert seemed to be in favor of this -- GitHub could also allow developers to sell their workflows and Actions through the GitHub marketplace. For now, that's not an option, but it it's definitely that's something the company has been thinking about. Lambert also noted that this could be a way for open source developers who don't want to build an enterprise version of their tools (and the sales force that goes with that) to monetize their efforts.Read Replies (0)
By EditorDavid from Slashdot's crime-doesn't-pay department
An anonymous reader writes:
A 44-year-old, Georgia-based programmer -- who'd been working at Equifax since 2003 -- has been sentenced to eight months of home confinement and a $50,000 fine for insider trading. Working as Equifax's Production Development Manager of Software Engineering in August of 2017, he'd been asked to create a web site where customers could query a database to see if they were affected by a yet-to-be-announced security breach for a high-profile client. Guessing correctly that it was his own employer's breach, he'd used his wife's brokerage account to purchase $2,166.11 in "put" options betting that Equifax's stock price would tumble -- and when it did, he'd scored a hefty profit of $75,167.68.
"As part of his SEC settlement, he must also forfeit $75,979, the ill-gotten funds, plus interest," ZDNet reports, noting that the transactions "came to light after Equifax started internal investigations into several reported cases of employee insider trading." Another federal complaint also alleges that another Equifax executive avoided $117,000 in losses by selling all $1 million of his stock options -- the same day he'd performed a web search about how Experian's stock was affected by a 2015 security breach, but two weeks before Equifax's breach was announced. That case is still ongoing.Read Replies (0)
By BeauHD from Slashdot's long-overdue department
Winamp, the world's most famous media player, has released version 5.8 to make it compatible with today's modern operating systems such as Windows 8.1 and Windows 10. Bleeping Computer notes that there hasn't been a new updates released since 2014, when Radionomy purchased Winamp from AOL. Some other new features include standalone audio player support, an auto-fullscreen option for videos, updates scrollbars and buttons, and bug fixes. From the report: Radionomy has stated that they are not stopping here and have big plans for Winamp. In an interview with TechCrunch, Radionomy CEO Alexandre Saboundjian, revealed that a massive release is planned for 2019 that aims to add cloud support for streaming music, podcasts, and more. "There will be a completely new version next year, with the legacy of Winamp but a more complete listening experience," Saboundjian stated in the interview. "You can listen to the MP3s you may have at home, but also to the cloud, to podcasts, to streaming radio stations, to a playlist you perhaps have built."Read Replies (0)
By BeauHD from Slashdot's flying-under-the-radar department
Slashdot reader generic shares a report from ZDNet: For at least three years, hackers have abused a zero-day in one of the most popular jQuery plugins to plant web shells and take over vulnerable web servers, ZDNet has learned. The vulnerability impacts the jQuery File Upload plugin authored by prodigious German developer Sebastian Tschan, most commonly known as Blueimp. The plugin is the second most starred jQuery project on GitHub, after the jQuery framework itself. It is immensely popular, has been forked over 7,800 times, and has been integrated into hundreds, if not thousands, of other projects, such as CMSs, CRMs, Intranet solutions, WordPress plugins, Drupal add-ons, Joomla components, and so on.
Earlier this year, Larry Cashdollar, a security researcher for Akamai's SIRT (Security Intelligence Response Team), has discovered a vulnerability in the plugin's source code that handles file uploads to PHP servers. Cashdollar says that attackers can abuse this vulnerability to upload malicious files on servers, such as backdoors and web shells. The Akamai researcher says the vulnerability has been exploited in the wild. "I've seen stuff as far back as 2016," the researcher told ZDNet in an interview. The vulnerability was one of the worst kept secrets of the hacker scene and appears to have been actively exploited, even before 2016. Cashdollar found several YouTube videos containing tutorials on how one could exploit the jQuery File Upload plugin vulnerability to take over servers. One of three YouTube videos Cashdollar shared with ZDNet is dated August 2015. Thankfully, the CVE-2018-9206 identifier was pushed earlier this month to address this issue. "All jQuery File Upload versions before 9.22.1 are vulnerable," reports ZDNet. "Since the vulnerability affected the code for handling file uploads for PHP apps, other server-side implementations should be considered safe."Read Replies (0)
By BeauHD from Slashdot's new-and-improved department
MojoKid writes: Intel lifted the embargo veil today on performance results for its new Core i9-9900K 9th Gen 8-core processor. Intel claims the chip is "the best CPU for gaming" due to its high clock speeds and monolithic 8-core/16-thread design that has beefier cache memory (now 16MB). The chip also has 16-lanes of on-chip PCIe connectivity, official support for dual-channel memory up to DDR4-2666, and a 95 watt TDP. Intel also introduced two other 9th Gen chips today. Intel's Core i7-9700K is also an 8-core processor, but lacks HyperThreading, is clocked slightly lower, and has 4MB of smart cache disabled (12MB total). The Core i5-9600K takes things down to 6 cores / 6 threads, with a higher base clock, but lower boost clock and only 9MB of smart cache. In benchmark testing, the high-end Core i9-9900K's combination of Intel's latest microarchitecture and boost frequencies of up to 5GHz resulted in the best single-threaded performance seen from a desktop processor to date. The chip's 8-cores and 16-threads, larger cache, and higher clocks also resulted in some excellent multi-threaded scores that came close to catching some of Intel's many-core Core X HEDT processors in a few tests. The Core i9-9900K is a very fast processor, but it is also priced as such at $488 in 1KU quantities. That makes it about $185 to $225 pricier than AMD's Ryzen 7 2700X, which is currently selling for about $304 and performs within 3% to 12% of Intel's 8-core chip, depending on workload type.Read Replies (0)
By BeauHD from Slashdot's lips-sealed department
An anonymous reader quotes a report from TechCrunch: Thermostats know the temperature of your house, and smart cameras and sensors know when someone's walking around your home. Smart assistants know what you're asking for, and smart doorbells know who's coming and going. And thanks to the cloud, that data is available to you from anywhere -- you can check in on your pets from your phone or make sure your robot vacuum cleaned the house. Because the data is stored or accessible by the smart home tech makers, law enforcement and government agencies have increasingly sought out data from the companies to solve crimes. And device makers won't say if your smart home gadgets have been used to spy on you. We asked some of the most well-known smart home makers on the market if they plan on releasing a transparency report, or disclose the number of demands they receive for data from their smart home devices. For the most part, we received fairly dismal responses. Amazon did not respond to requests for comment, but a spokesperson for the company said last year that it would not reveal the figures for its Echo smart speakers. Facebook said that its transparency report section will include "any requests related to Portal," its new hardware screen with a camera and a microphone. A spokesperson for the company did not comment on if the company will break out the hardware figures separately. Google also declined to comment, but did point TechCruch to Nest's transparency report. Apple, the last of the big tech giants, said that there's no need to disclose its smart home figures because there would be nothing to report, adding that user requests made to HomePod are given a random identifier that cannot be tied to a person. TechCrunch also asked a number of smaller smart home players, like August, iRobot, Arlo, Ring, Honeywell, Canary, Samsung, and Ecobee.Read Replies (0)
By BeauHD from Slashdot's lost-memories department
Some users on Reddit and Google's support forums are reporting an issue in which taking a photo using Google Camera occasionally fails to save. The issue appears to be widespread, "affecting original Pixel phones as well as the Pixel 2 / 2 XL," reports The Verge. From the report: The issue occurs specifically in cases when the user takes a photo with Google Camera, and switches to another app or locks the phone immediately after. Users are able to see a thumbnail of the photo in the Camera gallery circle, but upon tapping it, the photo disappears. In some occasions, the photo doesn't appear at all at first, but it will reappear in their gallery a day later.
There's also some reports of Galaxy S9, Moto Z2, Moto E4, and Nexus 5X owners experiencing the issue after using Google Camera, so it's unclear whether the issue is limited to Pixel phones or if it's connected to a larger Android bug. For now, users have come up with a workaround for an issue they believe is related to HDR photo processing time. Reddit user erbat suggests leaving the camera app open until HDR processing completes or turning off the HDR function completely.Read Replies (0)
By msmash from Slashdot's end-of-road department
Liquavista, a screen tech company Amazon acquired five years ago, has shut down. Rumblings of Liquavista's potential closure have been bouncing around the e-reader community for more than six months. It remains unclear if Liquavista's work has been brought inside Amazon and moved to other parts of the organization, or if it was shut down entirely. Amazon declined to release further details. From a report: Launched in 2006 as a spin off from Philips, Liquavista had been developing a unique type of screen tech that was based on running an electric current through a liquid. This is called electrowetting technology, which is a fancy way of saying that each pixel in a Liquavista screen contained 3 liquids (red, green, blue), and that the color shown by a pixel depended on the amount of power fed into each liquid. [...] The screens were originally being developed as a solution to the battery life issue. Mobile battery life was terrible back in the pre-iPad, pre-iPhone, and pre-netbook era, and people were willing to pay a premium for a screen which used less power than typical LCD screens.Read Replies (0)