Slashdot

News for nerds, stuff that matters

Climate Modeller Wins $10,000 Wager Against Solar Physicists, Fails To Collect

1 hour 9 min ago
Layzej writes: Back in 2005, solar physicists Galina Mashnich and Vladimir Bashkirtsev made a $10,000 bet that global temperatures, driven primarily by changes in the Sun's activity, would fall over the next decade. The bet would compare the then record hot years between 1998 and 2003 with that between 2012 and 2017. With temperatures falling from their peak during the 1998 super El-Nino, and solar output continuing to fall, this seemed like a sure bet. The results are now in and all datasets show that climate modeler James Annan is the clear winner. At the time of the wager, Annan had supposed that the reputation of the scientists involved would be enough to ensure payment once the bet was settled. Unfortunately, as was the case with Alfred Russel Wallace's famous 1870 bet against flat-Earthers, the losing parties have refused to pay up. "More precisely, Bashkirtsev is refusing to pay," writes the climate modeler on his blog, "and Mashnich is refusing to even reply to email. With impressive chutzpah, Bashkirtsev proposed we should arrange a follow-up bet which he would promise to honour."

Read more of this story at Slashdot.

Categories: Linux fréttir

Slashdot Asks: Should 'Crunch' Overtime Be Optional?

Sat, 2018-10-20 23:44
An anonymous reader quotes Forbes: Rockstar Games co-founder and VP Dan Houser unleashed a storm of controversy when he casually stated in an interview with Vulture that "We were working 100-hour weeks" putting the finishing touches on Red Dead Redemption 2. Reaction was swift with many condemning the ubiquitous practice of crunch time in the video game industry in general and Rockstar's history of imposing harsh demands on its employees in particular... Houser responded that he was talking about a senior writing team of four people working over a three-week period. This kind of intense short-term engagement was common for the team which had been working together for 12 years. Houser went on to say that Rockstar doesn't "ask or expect anyone to work anything like this". Employees are given the option of working excessive overtime but doing so is a "choice" not a requirement. A QA tester at Rockstar's Lincoln studio in the UK has taken to Reddit to answer questions and clarify misconceptions about overtime at Rockstar that have arisen in the wake of Houser's comments.... He has no knowledge of working conditions at other Rockstar studios. The first thing the poster points out is that he and other QA testers (with the possible exception of salaried staff) are paid for their overtime work. He then writes "The other big thing is that this overtime is NOT optional, it is expected of us. If we are not able to work overtime on a certain day without a good reason, you have to make it up on another day. This usually means that if you want a full weekend off that you will have to work a double weekend to make up for it... We have been in crunch since October 9th 2017 which is before I started working here...." [A] requirement to opt into weekly overtime shifts and more than a year of required crunch time ranging from 56 to 81.5 hours spent at work each week is a far, far cry from Houser's claim that overtime is a "choice" offered to Rockstar's employees.
The good news is that Rockstar has changed its overtime policies in response to the negative press engendered by Houser's 100-hours comment [according to the verified Rockstar employee on Reddit]. Beginning next week "all overtime going forward will be entirely optional, so if we want to work the extra hours and earn the extra money (As well as make yourself look better for progression) then we can do, but there is no longer a rule making us do it." The videogame correspondent for Forbes argues that this "crunch time is the norm" idea in the videogame industry "is unconscionable and untenable. No one, in any line of work, should be expected to sacrifice their family for their job. If people want to devote their life to their job, they should be able to do so but those who would rather work a standard work-week should also be able to do so without suffering adverse job-related consequences." But what do Slashdot's readers think? Should 'crunch' overtime be optional?


Popular Mechanics Defends Elon Musk -- While He Tweets About Fortnite

Sat, 2018-10-20 22:44
The November issue of Popular Mechanics includes a message from its editors that Elon Musk is "under attack," arguing that while some criticisms have merit, "much of it is myopic and small-brained, from sideline observers gleefully salivating at the opportunity to take him down a peg." But what have these stock analysts and pontificators done for humanity? Elon Musk is an engineer at heart, a tinkerer, a problem-solver -- the kind of person Popular Mechanics has always championed -- and the problems he's trying to solve are hard. Really hard. He could find better ways to spend his money, that's for sure. And yet there he is, trying to build gasless cars and build reusable rockets and build tunnels that make traffic go away. For all his faults and unpredictability, we need him out there doing that. We need people who have ideas. We need people who take risks. We need people who try. The magazine includes statements from 12 high-profile supporters, including investor Mark Cuban, who writes "When you invest in a company run by an entrepreneur like Elon, you are investing in the mindset and approach that an entrepreneur brings to the table as much as you are valuing the net present value of future cash flows. That is not typical for public companies that are overwhelmingly run by hired CEOs. My advice for Elon is simple: Be yourself. Be true to your mission. Respect your investors. Ignore your critics." Meanwhile, in a Friday post on Twitter, Musk jokingly claimed that he'd purchased and then deleted the game of Fortnite, posting a doctored Marketwatch article quoting him as saying "I had to save these kids from eternal virginity." "Had to been done," tweeted Musk, adding "ur welcome".


As PHP Group Patches High-Risk Bugs, 62% of Sites Still Use PHP 5

Sat, 2018-10-20 21:48
America's Multi-State Information Sharing & Analysis Center is operated in collaboration with its Department of Homeland Security's Office of Cybersecurity and Communications -- and they've got some bad news. MS-ISAC released an advisory warning government agencies, businesses, and home users of multiple high-risk security issues in PHP that can allow attackers to execute arbitrary code. Furthermore, if the PHP vulnerabilities are not successfully exploited, attackers could still induce a denial-of-service condition rendering the probed servers unusable... The PHP Group has issued fixes in the PHP 7.1.23 and 7.2.11 releases for all the high-risk bugs that could lead to DoS and arbitrary code execution in all vulnerable PHP 7.1 and 7.2 versions before these latest updates. But meanwhile, Threatpost reported this week that 62% of the world's web sites are still running PHP version 5 -- even though its end of life is December 31st. "The deadlines will not be extended, and it is critical that PHP-based websites are upgraded to ensure that security support is provided," warned a recent CERT notice. So far Drupal is the only CMS posting an official notice requiring upgrades to PHP 7 (by March, three months after PHP 5.6's end-of-life deadline). Threatpost notes that "There has been no such notice from WordPress or Joomla."


Bloodhound's 1,000 MPH Car Project Needs Money

Sat, 2018-10-20 20:42
AmiMoJo quotes the Guardian: Plans to build a British jet-powered car to speed at more than 1,000mph through the desert have hit quicksand, after the company behind the Bloodhound project entered administration. The dream of an ultra-fast car to break the land speed record led to the creation of Bloodhound Programme Ltd in 2007, with the idea of also engaging schools and students in engineering. Bloodhound has already built and tested a viable racing car to speeds of 200mph, but the project is in debt and needs to find £25m or face being wound up... Bloodhound said its programme had been a catalyst for research and development, as well as helping interest schoolchildren worldwide in science and engineering, with an associated educational campaign reaching more than 2 million children... The planned car is a combination of jet, F1 car and spaceship that would cover the length of four and a half football pitches in a second.


Researchers Secretly Deployed A Bot That Submitted Bug-Fixing Pull Requests

Sat, 2018-10-20 19:34
An anonymous reader quotes Martin Monperrus, a professor of software at Stockholm's KTH Royal Institute of Technology: Repairnator is a bot. It constantly monitors software bugs discovered during continuous integration of open-source software and tries to fix them automatically. If it succeeds to synthesize a valid patch, Repairnator proposes the patch to the human developers, disguised under a fake human identity. To date, Repairnator has been able to produce 5 patches that were accepted by the human developers and permanently merged in the code base... It analyzes bugs and produces patches, in the same way as human developers involved in software maintenance activities. This idea of a program repair bot is disruptive, because today humans are responsible for fixing bugs. In other words, we are talking about a bot meant to (partially) replace human developers for tedious tasks.... [F]or a patch to be human-competitive 1) the bot has to synthesize the patch faster than the human developer 2) the patch has to be judged good-enough by the human developer and permanently merged in the code base.... We believe that Repairnator prefigures a certain future of software development, where bots and humans will smoothly collaborate and even cooperate on software artifacts. Their fake identity was a software engineer named Luc Esape, with a profile picture that "looks like a junior developer, eager to make open-source contributions... humans tend to have a priori biases against machines, and are more tolerant to errors if the contribution comes from a human peer. In the context of program repair, this means that developers may put the bar higher on the quality of the patch, if they know that the patch comes from a bot."
The researchers proudly published the approving comments on their merged patches -- although a conundrum arose when Repairnator submitted a patch for Eclipse Ditto, only to be told that "We can only accept pull-requests which come from users who signed the Eclipse Foundation Contributor License Agreement." "We were puzzled because a bot cannot physically or morally sign a license agreement and is probably not entitled to do so. Who owns the intellectual property and responsibility of a bot contribution: the robot operator, the bot implementer or the repair algorithm designer?"


NASA Has Explored Manned Missions To Venus

Sat, 2018-10-20 18:34
NASA recently developed a program for manned missions to explore Venus -- even though the planet's surface is 860 degrees, which NASA explains is "hot enough to melt lead." Long-time Slashdot reader Zorro shares this week's article from Newsweek: As surprising as it may seem, the upper atmosphere of Venus is the most Earth-like location in the solar system. Between altitudes of 30 miles and 40 miles, the pressure and temperature can be compared to regions of the Earth's lower atmosphere. The atmospheric pressure in the Venusian atmosphere at 34 miles is about half that of the pressure at sea level on Earth. In fact you would be fine without a pressure suit, as this is roughly equivalent to the air pressure you would encounter at the summit of Mount Kilimanjaro. Nor would you need to insulate yourself as the temperature here ranges between 68 degrees Fahrenheit and 86 degrees Fahrenheit. The atmosphere above this altitude is also dense enough to protect astronauts from ionising radiation from space. The closer proximity of the sun provides an even greater abundance of available solar radiation than on Earth, which can be used to generate power (approximately 1.4 times greater).... [C]onceivably you could go for a walk on a platform outside the airship, carrying only your air supply and wearing a chemical hazard suit. Venus is 8 million miles closer to Earth than Mars (though it's 100 times further away than the moon). But the atmosphere around Venus contains traces of sulphuric acid (responsible for its dense clouds), so the vessel would need to be corrosion-resistant material like teflon. (One NASA paper explored the possibility of airborne microbes living in Venus's atmosphere.) There's a slick video from NASA's Langley Research Center titled "A way to explore Venus" showcasing HAVOC -- "High Altitude Venus Operational Concept."
"A recent internal NASA study...led to the development of an evolutionary program for the exploration of Venus," explains the project's page at NASA.gov, "with focus on the mission architecture and vehicle concept for a 30 day crewed mission into Venus's atmosphere." NASA describes the project as "no longer active," though adding that manned missions to the atmosphere of Venus are possible "with advances in technology and further refinement of the concept."


Watch What Happens When A Drone Slams Into An Airplane Wing

Sat, 2018-10-20 17:34
Long-time Slashdot reader Freshly Exhumed writes: Researchers at the University of Dayton Research Institute [Impact Physics Lab] have shown in a video what can happen when a high-mass, consumer-level drone strikes the wing of an aircraft. They provide visual evidence of the damage a 2.1-pound DJI Phantom 2 videography quadcopter would have upon the wing of a Mooney M20, a small, private aircraft. It is not difficult to extrapolate the effects upon an airliner in a similar situation. "We wanted to help the aviation community and the drone industry understand the dangers that even recreational drones can pose to manned aircraft before a significant event occurs," said Kevin Poormon of UDRI. The video -- titled "Risk in the Sky?" -- simulates a collision at 238 mph in which the drone tears open the wing's leading edge. "While the quadcopter broke apart, its energy and mass hung together to create significant damage to the wing," said Kevin Poormon, group leader for impact physics at UDRI.


Sentimental Humans Launch A Movement to Save (Human) Driving

Sat, 2018-10-20 16:34
Car enthusiast McKeel Hagerty -- also the CEO of America's largest insurer of classic cars -- recently told a Detroit newspaper about his "Save Driving" campaign to preserve human driving for future generations. Hagerty said he wants people-driven cars to share the roads, not surrender them, with robot cars. "Driving and the car culture are meaningful for a lot of people," Hagerty said, who still owns the first car he bought 37 years ago for $500. It's a 1967 Porsche 911S, which he restored with his dad. "We feel the car culture needs a champion." Hagerty said he will need 6 million members to have the clout to preserve human driving in the future, but he is not alone in the quest to drum up that support. The Human Driving Association was launched in January and it already has 4,000 members. Both movements have a growing following as many consumers distrust the evolving self-driving car technology, studies show... [S]ome people fear losing the freedom of personal car ownership and want to have control of their own mobility. They distrust autonomous technology and they worry about the loss of privacy... In Cox Automotive's Evolution of Mobility study released earlier this year, nearly half of the 1,250 consumers surveyed said they would "never" buy a fully autonomous car and indicated they did not believe roads would be safer if all vehicles were self-driving. The study showed 68 percent said they would feel "uncomfortable" riding in a car driven fully by a computer. And 84 percent said people should have the option to drive themselves even in an autonomous vehicle. The study showed people's perception of self-driving cars' safety is dwindling. When asked whether the roads would be safer if all vehicles were fully autonomous, 45 percent said yes, compared with 63 percent who answered yes in 2016's study.... Proponents for self-driving cars say the cars would offer mobility to those who cannot drive such as disabled people or elderly people.
They say the electric self-driving cars would be better for the environment. Finally, roads would be safer with computers driving, they say. In 2017, the United States had about 40,000 traffic deaths, about 90 percent of which were due to human error, Cox's study said. Alex Roy, founder of the Human Driving Association, is proposing a third option called "augmented driving" -- allowing people the option to drive, but helping them do it better. "It's a system that would not allow a human to drive into a wall. If I turned the steering wheel toward a wall, the car turns the wheel back the right way," said Roy.


GitHub Launches 'Actions' -- Code That Can Be Run (and Maybe Monetized)

Sat, 2018-10-20 15:34
An anonymous reader quotes TechCrunch: For the longest time, GitHub was all about storing source code and sharing it either with the rest of the world or your colleagues. Today, the company, which is in the process of being acquired by Microsoft, is taking a step in a different but related direction by launching GitHub Actions. Actions allow developers to not just host code on the platform but also run it. We're not talking about a new cloud to rival AWS here, but instead about something more akin to a very flexible IFTTT for developers who want to automate their development workflows, whether that is sending notifications or building a full continuous integration and delivery pipeline. This is a big deal for GitHub. Indeed, Sam Lambert, GitHub's head of platform, described it to me as "the biggest shift we've had in the history of GitHub... I see Continuous Integration/Continuous Delivery as one narrow use case of actions. It's so, so much more," Lambert stressed. "And I think it's going to revolutionize DevOps because people are now going to build best in breed deployment workflows for specific applications and frameworks, and those become the de facto standard shared on GitHub... It's going to do everything we did for open source again for the DevOps space and for all those different parts of that workflow ecosystem...." Over time -- and Lambert seemed to be in favor of this -- GitHub could also allow developers to sell their workflows and Actions through the GitHub marketplace. For now, that's not an option, but it's definitely something the company has been thinking about. Lambert also noted that this could be a way for open source developers who don't want to build an enterprise version of their tools (and the sales force that goes with that) to monetize their efforts.


Equifax Web Site Designer Fined $50,000 And Confined To Home Over Insider Trading

Sat, 2018-10-20 14:34
An anonymous reader writes: A 44-year-old, Georgia-based programmer -- who'd been working at Equifax since 2003 -- has been sentenced to eight months of home confinement and a $50,000 fine for insider trading. Working as Equifax's Production Development Manager of Software Engineering in August of 2017, he'd been asked to create a web site where customers could query a database to see if they were affected by a yet-to-be-announced security breach for a high-profile client. Guessing correctly that it was his own employer's breach, he'd used his wife's brokerage account to purchase $2,166.11 in "put" options betting that Equifax's stock price would tumble -- and when it did, he'd scored a hefty profit of $75,167.68. "As part of his SEC settlement, he must also forfeit $75,979, the ill-gotten funds, plus interest," ZDNet reports, noting that the transactions "came to light after Equifax started internal investigations into several reported cases of employee insider trading." Another federal complaint also alleges that another Equifax executive avoided $117,000 in losses by selling all $1 million of his stock options -- the same day he'd performed a web search about how Experian's stock was affected by a 2015 security breach, but two weeks before Equifax's breach was announced. That case is still ongoing.


HealthCare.gov Portal Suffers Data Breach Exposing 75,000 Customers

Sat, 2018-10-20 13:00
An anonymous reader quotes a report from Gizmodo: Sensitive information belonging to roughly 75,000 individuals was exposed after a government healthcare sign-up system got hacked, the Centers for Medicare & Medicaid Services (CMS) said on Friday. The agency said that "anomalous system activity" was detected last week in the Direct Enrollment system, which Americans use to enroll in healthcare plans via the insurance exchange established under the Affordable Care Act -- also known as Obamacare. A breach was declared on Wednesday. It's unclear why the agency, which is part of the U.S. Department of Health and Human Services, chose to not announce the incident sooner. Officials said the hacked portal is used by insurance agents and brokers to help Americans sign up for coverage and that no other systems were involved. The affected system has been disabled. CMS said it hoped to restore it before the end of next week. "I want to make clear to the public that HealthCare.gov and the Marketplace Call Center are still available, and open enrollment will not be negatively impacted," CMS Administrator Seema Verma said in a statement. "We are working to identify the individuals potentially impacted as quickly as possible so that we can notify them and provide resources such as credit protection."


Winamp 5.8, the First Update In 4 Years, Is Released

Sat, 2018-10-20 10:00
Winamp, the world's most famous media player, has released version 5.8 to make it compatible with today's modern operating systems such as Windows 8.1 and Windows 10. Bleeping Computer notes that there hasn't been a new update released since 2014, when Radionomy purchased Winamp from AOL. Some other new features include standalone audio player support, an auto-fullscreen option for videos, updated scrollbars and buttons, and bug fixes. From the report: Radionomy has stated that they are not stopping here and have big plans for Winamp. In an interview with TechCrunch, Radionomy CEO Alexandre Saboundjian revealed that a massive release is planned for 2019 that aims to add cloud support for streaming music, podcasts, and more. "There will be a completely new version next year, with the legacy of Winamp but a more complete listening experience," Saboundjian stated in the interview. "You can listen to the MP3s you may have at home, but also to the cloud, to podcasts, to streaming radio stations, to a playlist you perhaps have built."


Spacecraft BepiColombo Poised For Mission To Mercury

Sat, 2018-10-20 07:00
The European Space Agency is launching a spacecraft to explore the mysteries of Mercury. BepiColombo, named after the Italian mathematician and engineer Giuseppe "Bepi" Colombo, is set to launch at 9:45 p.m. ET Friday aboard an Ariane 5 rocket from a spaceport in French Guiana. The launch will be livestreamed via ESA's website. NPR reports: The spacecraft is actually made up of two probes: One will go into orbit close to the planet, while the other, supplied by the Japan Aerospace Exploration Agency, will orbit farther away, measuring Mercury's magnetic field. "What this lets you do is look at that space environment around Mercury from two different perspectives at exactly the same time," says Nancy Chabot, a planetary scientist at the Johns Hopkins University Applied Physics Laboratory. That gives a clearer picture of what's changing during the 88 days it takes Mercury to make one revolution around the sun. Radar measurements from Earth first suggested that there was ice on Mercury. Earlier this decade, NASA's Messenger mission was able to confirm that the ice was actually there. But Messenger only came close enough to see the ice at Mercury's north pole. The real icy action, Chabot says, is at the south pole. "The largest crater to host these water ice deposits is right smack dab at the south pole of Mercury," she says. "And so I'm very excited that BepiColombo is going to be in an orbit that passes much closer to the southern hemisphere." BepiColombo will take a rather circuitous path to Mercury. It will fly by Earth once, Venus twice and Mercury six times before it is in the right orientation to go into orbit around the innermost planet in our solar system. The entire trip will take slightly more than seven years. When BepiColombo gets into orbit, it may be able to see where Messenger crash-landed on the planet. It is estimated to have made a crater about 60 feet across. 
UPDATE: BepiColombo successfully blasted off from Europe's spaceport in French Guiana, marking the third ever mission to Mercury. "Launching BepiColombo is a huge milestone for ESA (the European Space Agency) and JAXA, and there will be many great successes to come," ESA Director General Jan Woerner said in a statement. "Beyond completing the challenging journey, this mission will return a huge bounty of science."


Earth's Inner Core Is Solid, But Squishier Than Previously Thought

Sat, 2018-10-20 03:30
brindafella writes: Earthquakes are telling scientists more about the core of the Earth, specifically that it is squishier than previously thought (by about 2.5%.) Associate Professor Hrvoje Tkalčić & Thanh-Son Pham of the Australian National University have made sense of data collected by seismographs around the world to put new numbers on the density and pressure of the core. In Science magazine, they show that the pressure is 167.4 +/- 1.6 gigapascals (GPa) in Earth's center. For reference, standard atmospheric pressure is 101,325 pascals (Pa), so the center of the Earth is around 61 million times this pressure, but still 2.5% lower than expected.


Ajit Pai Killed Rules That Could Have Helped Florida Recover From Hurricane

Sat, 2018-10-20 02:10
sharkbiter shares a report from Ars Technica: The Federal Communications Commission chairman slammed wireless carriers on Tuesday for failing to quickly restore phone service in Florida after Hurricane Michael, calling the delay "completely unacceptable." But FCC Chairman Ajit Pai's statement ignored his agency's deregulatory blitz that left consumers without protections designed to ensure restoration of service after disasters, according to longtime telecom attorney and consumer advocate Harold Feld. The Obama-era FCC wrote new regulations to protect consumers after Verizon tried to avoid rebuilding wireline phone infrastructure in Fire Island, New York, after Hurricane Sandy hit the area in October 2012. But Pai repealed those rules, claiming that they prevented carriers from upgrading old copper networks to fiber. Pai's repeal order makes zero mentions of Fire Island and makes reference to Verizon's response to Hurricane Sandy only once, in a footnote. Among other things, the November 2017 FCC action eliminated a requirement that telcos turning off copper networks must provide Americans with service at least as good as those old copper networks. This change lets carriers replace wireline service with mobile service only, even if the new mobile option wouldn't pass a "functional test" that Pai's FCC eliminated. Additionally, "in June 2018, Chairman Pai further deregulated telephone providers to make it easier to discontinue service after a natural disaster," Feld wrote. In response to Pai's deregulation, Feld wrote: "The situation in Florida shows what happens when regulators abandon their responsibilities to protect the public based on unenforceable promises from companies eager to cut costs for maintenance and emergency preparedness. 
This should be a wake-up call for the 37 states that have eliminated traditional oversight of telecommunications services and those states considering similar deregulation: critical communications services cannot be left without some kind of public oversight."


Zero-Day In Popular jQuery Plugin Actively Exploited For At Least Three Years

Sat, 2018-10-20 01:30
Slashdot reader generic shares a report from ZDNet: For at least three years, hackers have abused a zero-day in one of the most popular jQuery plugins to plant web shells and take over vulnerable web servers, ZDNet has learned. The vulnerability impacts the jQuery File Upload plugin authored by prodigious German developer Sebastian Tschan, most commonly known as Blueimp. The plugin is the second most starred jQuery project on GitHub, after the jQuery framework itself. It is immensely popular, has been forked over 7,800 times, and has been integrated into hundreds, if not thousands, of other projects, such as CMSs, CRMs, Intranet solutions, WordPress plugins, Drupal add-ons, Joomla components, and so on. Earlier this year, Larry Cashdollar, a security researcher for Akamai's SIRT (Security Intelligence Response Team), has discovered a vulnerability in the plugin's source code that handles file uploads to PHP servers. Cashdollar says that attackers can abuse this vulnerability to upload malicious files on servers, such as backdoors and web shells. The Akamai researcher says the vulnerability has been exploited in the wild. "I've seen stuff as far back as 2016," the researcher told ZDNet in an interview. The vulnerability was one of the worst kept secrets of the hacker scene and appears to have been actively exploited, even before 2016. Cashdollar found several YouTube videos containing tutorials on how one could exploit the jQuery File Upload plugin vulnerability to take over servers. One of three YouTube videos Cashdollar shared with ZDNet is dated August 2015. Thankfully, the CVE-2018-9206 identifier was pushed earlier this month to address this issue. "All jQuery File Upload versions before 9.22.1 are vulnerable," reports ZDNet. "Since the vulnerability affected the code for handling file uploads for PHP apps, other server-side implementations should be considered safe."


Intel Launches 9th Generation Core Processors; Core i9-9900K Benchmarked

Sat, 2018-10-20 00:50
MojoKid writes: Intel lifted the embargo veil today on performance results for its new Core i9-9900K 9th Gen 8-core processor. Intel claims the chip is "the best CPU for gaming" due to its high clock speeds and monolithic 8-core/16-thread design that has beefier cache memory (now 16MB). The chip also has 16-lanes of on-chip PCIe connectivity, official support for dual-channel memory up to DDR4-2666, and a 95 watt TDP. Intel also introduced two other 9th Gen chips today. Intel's Core i7-9700K is also an 8-core processor, but lacks HyperThreading, is clocked slightly lower, and has 4MB of smart cache disabled (12MB total). The Core i5-9600K takes things down to 6 cores / 6 threads, with a higher base clock, but lower boost clock and only 9MB of smart cache. In benchmark testing, the high-end Core i9-9900K's combination of Intel's latest microarchitecture and boost frequencies of up to 5GHz resulted in the best single-threaded performance seen from a desktop processor to date. The chip's 8-cores and 16-threads, larger cache, and higher clocks also resulted in some excellent multi-threaded scores that came close to catching some of Intel's many-core Core X HEDT processors in a few tests. The Core i9-9900K is a very fast processor, but it is also priced as such at $488 in 1KU quantities. That makes it about $185 to $225 pricier than AMD's Ryzen 7 2700X, which is currently selling for about $304 and performs within 3% to 12% of Intel's 8-core chip, depending on workload type.

Smart Home Makers Hoard Your Data, But Won't Say If the Police Come For It

Sat, 2018-10-20 00:10
An anonymous reader quotes a report from TechCrunch: Thermostats know the temperature of your house, and smart cameras and sensors know when someone's walking around your home. Smart assistants know what you're asking for, and smart doorbells know who's coming and going. And thanks to the cloud, that data is available to you from anywhere -- you can check in on your pets from your phone or make sure your robot vacuum cleaned the house. Because the data is stored or accessible by the smart home tech makers, law enforcement and government agencies have increasingly sought out data from the companies to solve crimes. And device makers won't say if your smart home gadgets have been used to spy on you. We asked some of the most well-known smart home makers on the market if they plan on releasing a transparency report, or disclose the number of demands they receive for data from their smart home devices. For the most part, we received fairly dismal responses. Amazon did not respond to requests for comment, but a spokesperson for the company said last year that it would not reveal the figures for its Echo smart speakers. Facebook said that its transparency report section will include "any requests related to Portal," its new hardware screen with a camera and a microphone. A spokesperson for the company did not comment on if the company will break out the hardware figures separately. Google also declined to comment, but did point TechCrunch to Nest's transparency report. Apple, the last of the big tech giants, said that there's no need to disclose its smart home figures because there would be nothing to report, adding that user requests made to HomePod are given a random identifier that cannot be tied to a person. TechCrunch also asked a number of smaller smart home players, like August, iRobot, Arlo, Ring, Honeywell, Canary, Samsung, and Ecobee.

Some Google Pixel Owners' Camera Photos Aren't Saving

Fri, 2018-10-19 23:30
Some users on Reddit and Google's support forums are reporting an issue in which taking a photo using Google Camera occasionally fails to save. The issue appears to be widespread, "affecting original Pixel phones as well as the Pixel 2 / 2 XL," reports The Verge. From the report: The issue occurs specifically in cases when the user takes a photo with Google Camera, and switches to another app or locks the phone immediately after. Users are able to see a thumbnail of the photo in the Camera gallery circle, but upon tapping it, the photo disappears. On some occasions, the photo doesn't appear at all at first, but it will reappear in their gallery a day later. There are also some reports of Galaxy S9, Moto Z2, Moto E4, and Nexus 5X owners experiencing the issue after using Google Camera, so it's unclear whether the issue is limited to Pixel phones or if it's connected to a larger Android bug. For now, users have come up with a workaround for an issue they believe is related to HDR photo processing time. Reddit user erbat suggests leaving the camera app open until HDR processing completes or turning off the HDR function completely.
