Sony Halves Reported Sales Expectations For Coming PSVR2 Headset

Sony is drastically scaling back its sales expectations for next month’s launch of the PlayStation VR2 headset, according to a Bloomberg report citing “people familiar with [Sony’s] deliberations.” Ars Technica reports: The PlayStation 5 maker now expects to sell just 1 million PSVR2 units by the end of March, down from sales expectations of 2 million units in that period, as reported last October. Sony expects to sell about 1.5 million more headsets in the following fiscal year, which ends in March 2024, according to the report. The scaled-back sales expectations would put the PSVR2 slightly ahead of the pace set by the original PSVR headset, which sold just under a million units in its first four months and 2 million units in just over a year. But that kind of sales pace looks less impressive today, when a headset like the Meta Quest 2 can sell a reported 2.8 million units in its first quarter, on its way to total sales of over 15 million, according to market analysis firm IDC.

The Quest 2 has a few key advantages in the competition with Sony’s upcoming headset, including an asking price that’s $150 less, even after a recent price hike. The self-contained Quest 2 also doesn’t need to be tethered to any external hardware, contrasting with the PSVR2’s reliance on a hookup to a $499 PlayStation 5. Despite the Quest 2’s success at its relatively low price, though, the VR industry at large seems to be moving toward the higher end of the pricing spectrum these days. Meta’s Quest Pro launched last October at a bafflingly high $1,499, though a one-week sale has slashed that price by $400 for the moment. And next month’s standalone Vive XR Elite will cost $1,099.

Read more of this story at Slashdot.

Microsoft Upgrades Defender To Lock Down Linux Devices For Their Own Good

Organizations using Microsoft’s Defender for Endpoint will now be able to isolate Linux devices from their networks to stop miscreants from remotely connecting to them. The Register reports: The device isolation capability is in public preview and mirrors what the product already does for Windows systems. “Some attack scenarios may require you to isolate a device from the network,” Microsoft wrote in a blog post. “This action can help prevent the attacker from controlling the compromised device and performing further activities such as data exfiltration and lateral movement. Just like in Windows devices, this device isolation feature.” Intruders won’t be able to connect to the device or run operations like assuming unauthorized control of the system or stealing sensitive data, Microsoft claims.

According to the vendor, when the device is isolated, it is limited in the processes and web destinations that are allowed. That means if they’re behind a full VPN tunnel, they won’t be able to reach Microsoft’s Defender for Endpoint cloud services. Microsoft recommends that enterprises use a split-tunneling VPN for cloud-based traffic for both Defender for Endpoint and Defender Antivirus. Once the situation that caused the isolation is cleared up, organizations will be able to reconnect the device to the network. Isolating the system is done via APIs. Users can get to the device page of the Linux systems through the Microsoft 365 Defender portal, where they will see an “Isolate Device” tab in the upper right among other response actions. Microsoft has outlined the APIs for both isolating the device and releasing it from lock down.


KeePass Disputes Vulnerability Allowing Stealthy Password Theft

The development team behind the open-source password management software KeePass is disputing what is described as a newly found vulnerability that allows attackers to stealthily export the entire database in plain text. BleepingComputer reports: KeePass is a very popular open-source password manager that allows you to manage your passwords using a locally stored database, rather than a cloud-hosted one, such as LastPass or Bitwarden. To secure these local databases, users can encrypt them using a master password so that malware or a threat actor can’t just steal the database and automatically gain access to the passwords stored within it. The new vulnerability is now tracked as CVE-2023-24055, and it enables threat actors with write access to a target’s system to alter the KeePass XML configuration file and inject a malicious trigger that would export the database, including all usernames and passwords in cleartext. The next time the target launches KeePass and enters the master password to open and decrypt the database, the export rule will be triggered, and the contents of the database will be saved to a file the attackers can later exfiltrate to a system under their control. However, this export process launches in the background without the user being notified or KeePass requesting the master password to be entered as confirmation before exporting, allowing the threat actor to quietly gain access to all of the stored passwords. […]

While the CERT teams of Netherlands and Belgium have also issued security advisories regarding CVE-2023-24055, the KeePass development team is arguing that this shouldn’t be classified as a vulnerability given that attackers with write access to a target’s device can also obtain the information contained within the KeePass database through other means. In fact, a “Security Issues” page on the KeePass Help Center has been describing the “Write Access to Configuration File” issue since at least April 2019 as “not really a security vulnerability of KeePass.” If the user has installed KeePass as a regular program and the attackers have write access, they can also “perform various kinds of attacks.” Threat actors can also replace the KeePass executable with malware if the user runs the portable version.

“In both cases, having write access to the KeePass configuration file typically implies that an attacker can actually perform much more powerful attacks than modifying the configuration file (and these attacks in the end can also affect KeePass, independent of a configuration file protection),” the KeePass developers explain. “These attacks can only be prevented by keeping the environment secure (by using an anti-virus software, a firewall, not opening unknown e-mail attachments, etc.). KeePass cannot magically run securely in an insecure environment.” If the KeePass devs don’t release a version of the app that addresses this issue, BleepingComputer notes “you could still secure your database by logging in as a system admin and creating an enforced configuration file.”

“This type of config file takes precedence over settings described in global and local configuration files, including new triggers added by malicious actors, thus mitigating the CVE-2023-24055 issue.”
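
A defender-side check for the trigger injection described above, as an added example that is not code from KeePass, BleepingComputer or Slashdot: it lists every trigger in a KeePass configuration file whose GUID is not in an approved baseline. The element names (TriggerSystem, Trigger, Guid, Name, Actions, Action, TypeGuid, Parameter) are assumed to match the KeePass configuration layout, and the sample XML with all GUIDs and paths in it is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed config fragment; GUIDs and paths are placeholders, not real values.
SAMPLE_CONFIG = r"""<Configuration><Application><TriggerSystem><Triggers>
  <Trigger>
    <Guid>PLACEHOLDER-APPROVED-GUID</Guid>
    <Name>Nightly backup</Name>
    <Actions><Action>
      <TypeGuid>PLACEHOLDER-ACTION-A</TypeGuid>
      <Parameters><Parameter>D:\backup\vault.kdbx</Parameter></Parameters>
    </Action></Actions>
  </Trigger>
  <Trigger>
    <Guid>PLACEHOLDER-UNKNOWN-GUID</Guid>
    <Name>sync</Name>
    <Actions><Action>
      <TypeGuid>PLACEHOLDER-ACTION-B</TypeGuid>
      <Parameters><Parameter>C:\Users\Public\out.csv</Parameter></Parameters>
    </Action></Actions>
  </Trigger>
</Triggers></TriggerSystem></Application></Configuration>"""


def audit_triggers(config_xml, approved_guids):
    """Return every trigger whose Guid is not in the approved baseline.

    A trigger with a missing or empty Guid is never in the baseline, so it
    is reported as well.
    """
    root = ET.fromstring(config_xml)
    findings = []
    for trig in root.iter("Trigger"):
        guid = (trig.findtext("Guid") or "").strip()
        if guid in approved_guids:
            continue
        actions = list(trig.iter("Action"))
        findings.append({
            "guid": guid,
            "name": (trig.findtext("Name") or "").strip(),
            # Action type identifiers and their arguments, for manual review.
            "action_types": [(a.findtext("TypeGuid") or "").strip() for a in actions],
            "parameters": [p.text or "" for a in actions for p in a.iter("Parameter")],
        })
    return findings


if __name__ == "__main__":
    for finding in audit_triggers(SAMPLE_CONFIG, {"PLACEHOLDER-APPROVED-GUID"}):
        print("unapproved trigger:", finding)
```

Run against the real configuration file on a schedule or at logon, the same function gives a diff against a known-good baseline; it complements, rather than replaces, the enforced configuration file mentioned above.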


Students Lost One-Third of a School Year To Pandemic, Study Finds

Children experienced learning deficits during the Covid pandemic that amounted to about one-third of a school year’s worth of knowledge and skills, according to a new global analysis, and had not recovered from those losses more than two years later. The New York Times reports: Learning delays and regressions were most severe in developing countries and among students from low-income backgrounds, researchers said, worsening existing disparities and threatening to follow children into higher education and the work force. The analysis, published Monday in the journal Nature Human Behavior and drawing on data from 15 countries, provided the most comprehensive account to date of the academic hardships wrought by the pandemic. The findings suggest that the challenges of remote learning — coupled with other stressors that plagued children and families throughout the pandemic — were not rectified when school doors reopened.

“In order to recover what was lost, we have to be doing more than just getting back to normal,” said Bastian Betthauser, a researcher at the Center for Research on Social Inequalities at Sciences Po in Paris, who was a co-author on the review. He urged officials worldwide to provide intensive summer programs and tutoring initiatives that target poorer students who fell furthest behind. Thomas Kane, the faculty director of the Center for Education Policy Research at Harvard, who has studied school interruptions in the United States, reviewed the global analysis. Without immediate and aggressive intervention, he said, “learning loss will be the longest-lasting and most inequitable legacy of the pandemic.”

[…] Because children have a finite capacity to absorb new material, Mr. Betthauser said, teachers cannot simply move faster or extend school hours, and traditional interventions like private tutoring rarely target the most disadvantaged groups. Without creative solutions, he said, the labor market ought to “brace for serious downstream effects.” Children who were in school during the pandemic could lose about $70,000 in earnings over their lifetimes if the deficits aren’t recovered, according to Eric Hanushek, an economist at the Hoover Institution at Stanford. In some states, pandemic-era students could ultimately earn almost 10 percent less than those who were educated just before the pandemic. The societal losses, he said, could amount to $28 trillion over the rest of the century.


D&D Won’t Change Its Original 1.0 OGL License, Reference Document Enters Creative Commons

An anonymous reader shares a report from PC Gamer:

In a blog post published Friday, Wizards of the Coast announced that it is fully putting the kibosh on the proposed Open Gaming License (OGL) 1.2 that threw the tabletop RPG community into disarray at the beginning of this month.

Instead, Wizards will leave the previously enshrined OGL 1.0 in place, while also putting the latest D&D Systems Reference Document (SRD 5.1) under a Creative Commons License (thanks to GamesRadar for the spot).

The original OGL was put in place with the third edition of D&D in 2000, and allowed other companies and creators to base their work off D&D and the d20 system without payment to or oversight from Wizards. A draft of a revised OGL 1.1 leaked early in January, which proposed royalty payments and creative control by Wizards over derivative works. This immediately incited a backlash from fans. Wizards backpedaled, introducing a softer OGL 1.2 that would still replace the original, and opened the community survey cited in today’s announcement.

With 15,000 respondents in, the results of the survey were pretty damning. 88% didn’t “want to publish TTRPG content under OGL 1.2,” while 89% were “dissatisfied with deauthorizing OGL 1.0a.” 62% were happy that Wizards would put prior SRD versions under Creative Commons, with most of the dissenters wanting more Creative Commons-protected content.

In response, Wizards of the Coast caved.

“We welcome today’s news from Wizards of the Coast regarding their intention not to de-authorize OGL 1.0a,” tweeted Pathfinder publisher Paizo, who’d launched an effort to move the industry away from WotC’s OGL. But “We still believe there is a powerful need for an irrevocable, perpetual independent system-neutral open license that will serve the tabletop community via nonprofit stewardship.

“Work on the ORC license will continue, with an expected first draft to release for comment to participating publishers in February.”


Classic Videogame ‘Goldeneye 007’ Finally Comes to Nintendo Switch and Xbox

The classic 1997 video game GoldenEye 007 “has finally landed on Xbox and Nintendo Switch,” writes the Verge:
On Xbox, the remaster includes 4K resolution, smoother frame rates, and split-screen local multiplayer, similar to a 2008-era bound-for-Xbox 360 version that was canceled amid licensing and rights issues but leaked out in 2021.
Meanwhile CNET describes the Switch version:
You’ll need to be subscribed to Switch Online’s $50-a-year Expansion Pack tier to access GoldenEye and other N64 games. Online multiplayer is exclusive to the Switch release, the official 007 website noted, but this version is otherwise the same as the N64 original.
But “No high-def for them,” adds Esquire:
GoldenEye 007 marks a rare case in gaming history, where the title never left the gamer zeitgeist. It has been talked about, wished over, remade, and totally Frankensteined in the modding and emulation community….

Rare, a favorite game studio of mine — its crew is responsible for many of my childhood memories, making Banjo-Kazooie, Donkey Kong Country, Perfect Dark, Conker’s Bad Fur Day, and so many more — was always a Nintendo sweetheart. Until it was acquired back in 2002 by Microsoft. While Rare didn’t pump out as many massive hits after the acquisition, the studio is responsible for one of my favorite games, Sea of Thieves. But arguably no game from those folks made more of a splash than Goldeneye.

CNN reports:
Based on the 1995 film “GoldenEye,” the game follows a block-like version of Pierce Brosnan’s 007 as he shoots his way through various locales, all while a synthy version of the signature Bond theme plays….

The return of “GoldenEye 007,” often referred to as one of the greatest video games of all time, has been years in the making. The Verge reported last year that rights issues blocked developers from releasing it on newer consoles, including Xbox, since at least 2008. Undeterred N64 fans even attempted to remake the game themselves on several occasions, though the original rights holders usually shut them down.

Modern players “may not realise how many of the features we now take for granted in shooters were inspired by this one game,” writes the Guardian. “The game that would introduce a lot of players to the concept of using an analogue stick to look around in a 3D game — it’s difficult to overstate how important that was.”

But it was the multiplayer mode that really counted. Four players, one screen, an array of locations and weapons, and all the characters from the single-player campaign…. We would usually play in Normal mode, but as the hours dragged on and the sunlight began to creep in behind the blinds, we’d switch to Slaps Only, in which players could only get kills by slapping each other to death….

It is interesting how fables around the game and its development have survived — and still intrigue. The fact that it is officially cheating to play as Oddjob in multiplayer mode; the brilliance of the pause music, which has been heavily memed on TikTok, and how it was written in just 20 minutes by Rare newcomer Grant Kirkhope. The fact that Nintendo legend and Mario creator Shigeru Miyamoto was so concerned by the death in the game that he suggested a post-credit sequence where James Bond went to a hospital to meet all the enemy soldiers he “injured”. I think the sign of a truly great game — like any work of art — is how many legends become attached to its making.
It is lovely now, to see the game getting a release on Nintendo Switch and Xbox Game Pass.


US and EU To Launch First-Of-Its-Kind AI Agreement

The United States and European Union on Friday announced an agreement to speed up and enhance the use of artificial intelligence to improve agriculture, healthcare, emergency response, climate forecasting and the electric grid. Reuters reports: A senior U.S. administration official, discussing the initiative shortly before the official announcement, called it the first sweeping AI agreement between the United States and Europe. Previously, agreements on the issue had been limited to specific areas such as enhancing privacy, the official said. AI modeling, which refers to machine-learning algorithms that use data to make logical decisions, could be used to improve the speed and efficiency of government operations and services.

“The magic here is in building joint models (while) leaving data where it is,” the senior administration official said. “The U.S. data stays in the U.S. and European data stays there, but we can build a model that talks to the European and the U.S. data because the more data and the more diverse data, the better the model.” The initiative will give governments greater access to more detailed and data-rich AI models, leading to more efficient emergency responses and electric grid management, and other benefits, the administration official said. The partnership is currently between just the White House and the European Commission, the executive arm of the 27-member European Union. The senior administration official said other countries will be invited to join in the coming months.
