Until Wednesday, a single text message sent through Cisco's Jabber collaboration application was all it took to touch off a self-replicating attack that would spread malware from one Windows user to another, researchers who developed the exploit said. Ars Technica reports: The wormable attack was the result of several flaws, which Cisco patched on Wednesday, in the Chromium Embedded Framework that forms the foundation of the Jabber client. A filter that's designed to block potentially malicious content in incoming messages failed to scrutinize code that invoked a programming interface known as "onanimationstart." But even then, the filter still blocked content that contained , an HTML tag that had to be included in a malicious payload. To bypass that protection, the researchers used code that was tailored to a built-in animation component called spinner-grow. With that, the researchers were able to achieve a cross-site scripting exploit that injected a malicious payload directly into the internals of the browser built into Jabber.

A security sandbox built into the Chromium Embedded Framework, or CEF, would normally store the payload in a container that's isolated from sensitive parts of the app. To work around this constraint, the researchers abused the window.CallCppFunction, which is designed to open files sent by other Cisco Jabber users. By manipulating a function parameter that accepts files, the researchers were able to break out of the sandbox. "Since Cisco Jabber supports file transfers, an attacker can initiate a file transfer containing a malicious .exe file and force the victim to accept it using an XSS attack," researchers from security firm Watchcom Security wrote in a post. "The attacker can then trigger a call to window.CallCppFunction, causing the malicious file to be executed on the victim's machine." Accordingly, CVE-2020-3495, the designation assigned to the Cisco Jabber vulnerability, has a severity rating of 9.9 out of a maximum 10 based on the Common Vulnerability Scoring System. Cisco's advisory has more details here.

Dev & Gear created a long list of YouTube channels that offer technical videos to help you learn web development from scratch or just improve your skills. Some of the channels listed include: LearnCode.academy, Dev Ed, Traversy Media, Codecourse, and Wes Bos.

Is your favorite YouTube channel for web development and programming included on the list? If not, let us know what it is in a comment.

An anonymous reader quotes Psychology Today: While software development jobs sound great right out of the gate, technology roles don't always offer a great career path. The entry-level salary is fantastic, and the job is fun. But five years on, the average developer reaches a senior role, and there aren't many more rungs on the technology career ladder. An article from 1998 in the New York Times reported that six years after finishing college, only 57 percent of computer science graduates were working as programmers. After 20 years, the figure dropped to 19 percent. In contrast, the figures for civil engineering were 61 percent and 52 percent...

It's not just about the money — it's at least as much about the control you have over what you do. And software developers these days have little say in what apps they build. "More than anything, what bothered me is the feeling that my work doesn't matter one way or another," said one of my friends before he quit his programming job. He continued, "You get into software thinking you'll build cool things, but instead, it's about jumping through hoops for business school people with bad ideas."

Rapid changes in technology make programming one of the fastest-moving careers. Avoiding burnout is the only way to have a long and sustainable career in tech. Veteran software developers often recommend to:

- Work at a place where you can grow. Constantly learning new things is a requirement in tech, but it's only sustainable if you can do it as part of the job.

- Build transferable skills. Many developers find it interesting to invest in learning leadership skills and explore technical management roles — those don't change as often as programming languages do.

- Have creative outlets and create a space to focus on yourself, to switch off and relax. Make sure you move enough, eat well, and spend quality time with friends and family.

Of course, there's always the nuclear option: make your money and get out.

Phoronix reports: As mentioned back in July, upstream Linux developers have been working to figure out a path for adding Rust code to the Linux kernel. That topic is now being further explored at this week's virtual Linux Plumbers Conference...

To be clear though, these Rust Linux kernel plans do not involve rewriting large parts of the kernel in Rust (at least for the foreseeable future...), there would be caveats on the extent to which Rust code could be used and what functionality, and the Rust support would be optional when building the Linux kernel. C would remain the dominant language of the kernel and then it's just a matter of what new functionality gets added around Rust if concerned by memory safety, concurrency, and other areas where Rust is popular with developers. Various upstream developers have been interested in Rust for those language benefits around memory safety and security as well as its syntax being close to C. There would be a to-be-determined subset of Rust to be supported by the Linux kernel.... While the Rust code would be optional, the developers do acknowledge there are limitations on where Rust is supported due to the LLVM compiler back-ends. But at least for x86/x86_64, ARM/ARM64, POWER, and other prominent targets there is support along with the likes of RISC-V.

Nothing firm has been determined yet but it's a topic that is still being discussed at the virtual LPC this week and surely over the weeks/months ahead on the kernel mailing list. There is Rust-For-Linux on GitHub with a prototype kernel module implementation. There is also the PDF slides from Thursday's talk on the matter.
It's not clear to me that this is a done deal. But the article argues that "it's still looking like it will happen, it's just a matter of when the initial infrastructure will be in place and how slowly the rollout will be..."

Friday night CNET reported: With a device surgically implanted into the skull of a pig named Gertrude, Elon Musk demonstrated his startup Neuralink's technology to build a digital link between brains and computers. A wireless link from the Neuralink computing device showed the pig's brain activity as it snuffled around a pen on stage Friday night.
Some reactions from Twitter:

- "The potential of #Neuralink is mind-boggling, but fuckkkk why would they use Bluetooth???"

- "they're using C/C++ too lmao"

But then videogame programming legend John Carmack responded: "Quality, reliable software can be delivered in any language, but language choice has an impact. For me, C would be a middle-of-the-road choice; better than a dynamic language like javascript or python, but not as good as a more modern strongly static typed languages.

However, the existence of far more analysis tools for C is not an insignificant advantage. If you really care about robustness, you are going to architect everything more like old Fortran, with no dynamic allocations at all, and the code is going to look very simple and straightforward.

So an interesting question: What are the aspects of C++ that are real wins for that style over C? Range checked arrays would be good. What else?
When asked "What's a better modern choice?" Carmack replied "Rust would be the obvious things, and I don't have any reason to doubt it would be good, but I haven't implemented even a medium sized application in it."

But then somewhere in the discussion, Elon Musk made a joke about C's lack of "class" data structures. Elon Musk responded: I like C, because it avoids class warfare
But then Musk also gave interesting responses to two more questions on Twitter: Which is your fav programming language? Python?

Elon Musk: Actually C, although the syntax could be improved esthetically

Could Neuralink simulate an alternate reality that could be entered at will, like Ready Player One? Implications for VR seem to be massive. Essentially, a simulation within a simulation if we're already in one ...

Elon Musk: Later versions of a larger device would have that potential

An anonymous reader quotes The New Stack: While there are some who may never get over the fact that the Istio service mesh, originally created by Google and IBM, will not be handed over to the Cloud Native Computing Foundation, the project took a big step this past week to assuage those who critiqued the project for being under a Google-majority control: Istio has introduced a new Istio steering committee.

According to the blog post, the new steering committee will consist of 13 seats, with four "elected Community Seats" and nine "proportionally allocated Contribution Seats," a change they say "solidifies our commitment to open governance, ensuring that the community around the project will always be able to steer its direction, and that no one company has majority voting control over the project." This final point is really the key to the announcement here, with them further and more explicitly clarifying later that "no single vendor, no matter how large their contribution, has majority voting control over the Istio project." To this end, they write, they have "implemented a cap on the number of seats a company can hold, such that they can neither unanimously win a vote, or veto a decision of the rest of the committee."

As for how those seats are allocated, the four Community Seats will consist of four representatives from four different organizations and will be chosen in an annual election. The nine Contribution Seats will be assigned to a minimum of three different companies "in proportion to contributions made to Istio in the previous 12 months," with this year's metric being merged pull requests.
But not everyone was satisfied. On Twitter AWS engineer Matthew S. Wilson called it "a crappy way to build a community," objecting to the way it's recognizing and rewarding open source contributions by company rather than by the individuals.

And Knative co-founder Matt Moore called it "what you get when a company wants to 'play community', but treat its employees as interchangeable cogs."

Google today released the alpha version of Jetpack Compose, its UI toolkit for helping developers "build beautiful UI across all Android platforms, with native access to the platform APIs." From a report: While an alpha release means it is definitely not production ready, Jetpack Compose promises to let Android developers build apps using "dramatically less code, interactive tools, and intuitive Kotlin APIs." The alpha release also includes new tools including Animations, Constraint Layouts, and performance optimizations. Android Jetpack, which Google launched at its I/O 2018 developer conference, is a set of components for speeding up app development. Think of it as the successor to Support Library, a set of components that makes it easier to leverage new Android features while maintaining backwards compatibility. Jetpack Compose, which Google first showed off at its I/O 2019 developer conference, is an unbundled toolkit meant to simplify UI development by combining a reactive programming model with Kotlin.

The open-source project behind Julia, a programming language for data scientists, has revealed which languages users would shift to if they decided no longer to use Julia. From a report: Julia, a zippy programming language that has roots at MIT, has published the results of its 2020 annual user survey. The study aims to uncover the preferences of those who are building programs in the language. [...] Last year, 73% of Julia users said they would use Python if they weren't using Julia, but this year 76% nominated Python as the other language. MATLAB, another Julia rival in statistical analysis, saw its share of Julia users as a top alternative language drop from 35% to 31% over the past year, but C++ saw its share on this metric rise from 28% to 31%. Meanwhile, R, a popular statistical programming language with a dedicated crowd, also declined from 27% to 25%.

Nicolas Rougier, a computational neuroscientist and programmer at INRIA, the French National Institute for Research in Digital Science and Technology in Bordeaux, writes: I organized with [Konrad Hinsen, a theoretical biophysicist at the French National Centre for Scientific Research (CNRS) in Orleans] the "Ten Years Reproducibility Challenge," whose goal was to check if researchers would be able to run their own code that has been published at least ten years ago (i.e. before 2010). Most participants managed to run it, but it was not without pain. Today, Nature published an article summarizing the different problems we encountered. I myself tried to re-run an Apple II program I wrote 32 years ago on a vintage Apple IIe. This was quite instructive, especially regarding modern software system with the dependencies hell.

NoMoreACs shares a report: On Friday, the internet erupted in a small way to learn that Apple had successfully forced WordPress to monetize its free app -- forcing it to sell premium plans and custom domain names seemingly just so that Apple could get its traditional 30 percent cut. But one afternoon and evening of surprise and outrage later, Apple is backing off. The company is issuing a rare on-the-record apology, and it says that WordPress will no longer have to add in-app purchases now that all is said and done.

Here's Apple's full statement: "We believe the issue with the WordPress app has been resolved. Since the developer removed the display of their service payment options from the app, it is now a free stand-alone app and does not have to offer in-app purchases. We have informed the developer and apologize for any confusion that we have caused." You'll notice that Apple is positioning this as the developer -- WordPress -- having done the right thing and removed the "display of their service payment options from the app," and to my knowledge that is technically true. But as far as I'm aware, that didn't happen today: it happened weeks or months ago.

Rita Liao, reporting for TechCrunch: The technological decoupling between the U.S. and China has been a boon to Chinese firms -- from chipmakers for smartphones and electric vehicles through to software -- that are the backbones of millions of businesses' daily operations. Chinese companies might have established a firm grip on internet services for consumers, but many fundamental technologies undergirding hardware and enterprise software remain in the hands of Western companies. As tech businesses become increasingly entangled in broader geopolitical disputes, their users and clients are feeling the heat. Another area that has made the tech community restless is source code hosting. Chinese developers rely heavily on GitHub, as evident from an apparent government ban of the site in 2013 that prompted former Google China head Kai-Fu Lee to speak out. Now the China developer community is wary that political conflict may inflict GitHub.

[...] Seven-year-old Gitee is at the center of China's push to localize businesses' source codes. The Ministry of Industry and Information Technology (MIIT), one of China's top tech policymakers, recently picked (in Chinese) Gitee to construct an "independent, open-source code hosting platform for China." The project will be carried out by a consortium led by Open Source China, the Shenzhen-based firm behind its namesake open-source community and Gitee. The hosting service appears to be a government-led effort with support from research universities and participation from the private sector -- a group of 10 organizations including Huawei, which is itself suffering from supply chain disruption amid the political storm.

Matt Asay, a former COO of Canonical now working at AWS, argues that the question of open source sustainability "is really a people problem."

But to make the case, he cites comments by Tobie Langel, formerly W3C's testing lead (and a former member of Facebook's Open Source and Web Standards Team) who's now founded an open-source strategies consulting firm whose clients include Mozilla, Intell, Google, and Microsoft. Much of the "open source sustainability" discussion has focused on the one thing that really needs no help being sustained: software. As Tobie Langel rightly points out, "Open source code isn't a scarce resource. It's the exact opposite, actually: It's infinitely reproducible at zero cost to the user and to the ecosystem." Nor is sustainability really a matter of funding, though this gets closer to the truth.

No, open source sustainability is really a people problem. Or, as Langel highlights, "In open source, the maintainers working on the source code are the scarce resource that needs to be protected and nurtured."

Over the past several weeks, I've interviewed a number of maintainers for popular open source projects. In every case, they talked about how they contribute because it's fun, but also acknowledged that some aspects of open source development can make it decidedly "un-fun" (e.g., demanding users who complain about missing features or existing bugs but don't contribute code or fixes). Most have found ways to turn their passion into financial independence, but Langel stresses that cash is critical to keeping open source humming along... "Without revenue, there is no maintenance, and without maintenance, the commons becomes toxic very quickly... As new security issues are discovered, open source code that isn't updated becomes a security risk..."

Langel is absolutely correct to argue, "In an ecosystem with infinite resources, the attention needs to be on the people taking care of and maintaining that resource, because that's where the bottleneck is." Again, that's partly a question of money, but it's even more a question of treating people with dignity and respect, while making open source communities a fun, welcoming place.

Though Mozilla laid off 250 people last week, the Rust Core Team wrote a blog post Tuesday reminding the world that "the Rust project as a whole is very resilient to such events..." it is a common misconception that all of the Mozilla employees who participated in Rust leadership did so as a part of their employment. In fact, many Mozilla employees in Rust leadership contributed to Rust in their personal time, not as a part of their job. Finally, we would like to emphasize that membership in Rust teams is given to individuals and is not connected to one's employer. Mozilla employees who are also members of the Rust teams continue to be members today, even if they were affected by the layoffs...
But they've still got some news: We've developed legal and financial needs that our current organization lacks the capacity to fulfill. While we were able to be successful with Mozilla's assistance for quite a while, we've reached a point where it's difficult to operate without a legal name, address, and bank account. "How does the Rust project sign a contract?" has become a question we can no longer put off....

The Rust Core Team and Mozilla are happy to announce plans to create a Rust foundation. The Rust Core Team's goal is to have the first iteration of the foundation up and running by the end of the year... The various trademarks and domain names associated with Rust, Cargo, and crates.io will move into the foundation, which will also take financial responsibility for the costs they incur.... As an immediate step the Core Team has selected members to form a project group driving the efforts to form the foundation. Expect to see follow-up blog posts from the group with more details about the process and opportunities to give feedback...

We're excited to start the next chapter of the project by forming a foundation. We would like to thank everyone we shared this journey with so far: Mozilla for incubating the project and for their support in creating a foundation, our team of leaders and contributors for constantly improving the community and the language, and everyone using Rust for creating the powerful ecosystem that drives so many people to the project. We can't wait to see what our vibrant community does next.

When people build a database to manage reading lists or feed their neighbors, that's coding -- and culture. From an essay: We are past the New York City Covid-19 peak. Things have started to reopen, but our neighborhood is in trouble, and people are hungry. There's a church that's opened space for a food pantry, a restaurant owner who has given herself to feeding the neighborhood, and lots of volunteers. [...] It's a complex data model. It involves date fields, text fields, integers, notes. You need lots of people to log in, but you need to protect private data too. You'd think their planning conversations would be about making lots of rice. But that is just a data point. The tool the mutual aid group has settled on to track everything is Airtable, a database-as-a-service program. You log in and there's your database. There are a host of tools like this now, "low-code" or "no-code" software with names like Zapier or Coda or Appy Pie. At first glance these tools look like flowcharts married to spreadsheets, but they're powerful ways to build little data-management apps. Airtable in particular keeps showing up everywhere for managing office supplies or scheduling appointments or tracking who at WIRED has their fingers on this column. The more features you use, the more they charge for it, and it can add up quickly. I know because I see the invoices at my company; we use it to track projects.

"Real" coders in my experience have often sneered at this kind of software, even back when it was just FileMaker and Microsoft Access managing the flower shop or tracking the cats at the animal shelter. It's not hard to see why. These tools are just databases with a form-making interface on top, and with no code in between. It reduces software development, in all its complexity and immense profitability, to a set of simple data types and form elements. You wouldn't build a banking system in it or a game. It lacks the features of big, grown-up databases like Oracle or IBM's Db2 or PostgreSQL. And since it is for amateurs, the end result ends up looking amateur. But it sure does work. I've noticed that when software lets nonprogrammers do programmer things, it makes the programmers nervous. Suddenly they stop smiling indulgently and start talking about what "real programming" is. This has been the history of the World Wide Web, for example. Go ahead and tweet "HTML is real programming," and watch programmers show up in your mentions to go, "As if." Except when you write a web page in HTML, you are creating a data model that will be interpreted by the browser. This is what programming is. Code culture can be solipsistic and exhausting. Programmers fight over semicolon placement and the right way to be object-oriented or functional or whatever else will let them feel in control and smarter and more economically safe, and always I want to shout back: Code isn't enough on its own. We throw code away when it runs out its clock; we migrate data to new databases, so as not to lose one precious bit. Code is a story we tell about data.

Four cities in Indiana are suing Netflix and other video companies, claiming that online video providers and satellite-TV operators should have to pay the same franchise fees that cable companies pay for using local rights of way. Ars Technica reports: The lawsuit was filed against Netflix, Disney, Hulu, DirecTV, and Dish Network on August 4 in Indiana Commercial Court in Marion County. The cities of Indianapolis, Evansville, Valparaiso, and Fishers want the companies to pay the cable-franchise fees established in Indiana's Video Service Franchises (VSF) Act, which requires payments of 5 percent of gross revenue in each city.

The lawsuit is based on an unusual legal argument and doesn't seem likely to succeed. Essentially, the cities are claiming that Netflix and similar providers use the public rights of way simply by offering video streaming services over the Internet: "Defendants transmit video programming to Indiana subscribers using Internet protocol and other technologies. When doing so, Defendants transmit their programming through facilities located at least in part in public rights of way within the geographic boundaries of Indiana Units, including public rights of way located within Plaintiffs' geographic boundaries. Therefore, Defendants are required by the VSF Act to pay the Plaintiffs -- and all other Indiana Units in which Defendants transmit video programming through facilities located at least in part in a public right-of-way -- "franchise fees."

But streaming companies don't have to build physical infrastructure in each city to offer online video, so they aren't deploying their own wires on public rights of way. US law defines a cable system as "a facility, consisting of a set of closed transmission paths and associated signal generation, reception, and control equipment that is designed to provide cable service." Local franchising rules and fees are based on cities' authority to manage their local rights of way. Netflix, Hulu, and Disney+ are Internet-only services. Dish and DirecTV are primarily satellite operators but also offer online access. The cities' lawsuit never mentions the word "satellite" and doesn't fully explain how DirecTV and Dish use the public rights of way.

Apple is planning to terminate Epic Games' entire access to its App Store and app development tools, Epic Games said today. Apple told Epic that by August 28, all access will be ended. From a report: That includes Epic's access to the development tools necessary to create software for the Unreal Engine that Epic offers to third-party developers for their games. In response, Epic has filed a court order asking a Northern California court to stop Apple from removing Epic's âOEApp StoreâOE access. Further reading: Epic Games Sues Apple.

Long-time Slashdot reader theodp tells us Netherlands-based scientist Felienne Hermans shared a radical idea at the 2020 ACM International Computing Education Research Conference for a new programming language to be used for teaching coding -- and for teaching Python: Hermans — an associate professor at the Leiden Institute of Advanced Computer Science — observes In her ICER presentation on Hedy that we don't overwhelm children who are beginning to learn to read with the messy rules of capitalization, punctuation, and sentence construction. So why do we think kids unfamiliar with programming concepts will be able to deal from the get-go with the chock-full-of-syntax-challenges presented by even a "simple" Python loop?

Hedy (proof-of-concept beta) attempts to reduce cognitive load by introducing programming with different "levels" that gradually and gently introduce children to new commands and increasingly complex syntax. Hedy, Hermans explains in a paper, is "a gradual language with an increasingly complex syntax, based on how punctuation is taught to novice readers in natural language education."

O'Reilly media's Vice President of Content Strategy (also the coauthor of Unix Power Tools) recently explored why several popular programming languages wound up on the "most dreaded" list in StackOverflow's annual developer survey: There's no surprise that VBA is #1 disliked language. I'll admit to complete ignorance on Objective C (#2), which I've never had any reason to play with. Although I'm a Perl-hater from way back, I'm surprised that Perl is so widely disliked (#3), but some wounds never heal. It will be interesting to see what happens after Perl 7 has been out for a few years. Assembly (#4) is an acquired taste (and isn't a single language)...
But he eventually suggests that both C and Java might be on the list simply because they have millions of users, citing a quote from C++ creator Bjarne Stroustrup: "there are only two kinds of languages: the ones people complain about and the ones nobody uses." Dislike of a language may be "guilt by association": dislike of a large, antiquated codebase with minimal documentation, and an architectural style in which every bug fixed breaks something else. Therefore, it's not surprising to see languages that used to be widely used but have fallen from popularity on the list... Java has been the language people love to hate since its birth. I was at the USENIX session in which James Gosling first spoke about Java (way before 1.0), and people left the room talking about how horrible Java was — none of whom had actually used the language because it hadn't been released yet...

If there's one language on this list that's associated with gigantic projects, it's Java. And there are a lot of things to dislike about it — though a lot of them have to do with bad habits that grew up around Java, rather than the language itself. If you find yourself abusing design patterns, step back and look at what you're doing; making everything into a design pattern is a sign that you didn't understand what patterns are really for... If you start writing a FactoryFactoryFactory, stop and take a nice long walk. If you're writing a ClassWithAReallyLongNameBecauseThatsHowWeDoIt, you don't need to. Java doesn't make you do that... I've found Java easier to read and understand than most other languages, in part because it's so explicit — and most good programmers realize that they spend more time reading others' code than writing their own.
He also notes that Python only rose to #23 on the "most dreaded" languages list, speculating developers may appreciation its lack of curly braces, good libraries, and Jupyter notebooks. "Python wins the award for the most popular language to inspire minimal dislike. It's got a balanced set of features that make it ideal for small projects, and good for large ones."

"And what shall we say about JavaScript, sixteenth on the list? I've got nothing. It's a language that grew in a random and disordered way, and that programmers eventually learned could be powerful and productive... A language that's as widely used as JavaScript, and that's only 16th on the list of most dreaded languages, is certainly doing something right. But I don't have to like it."

Microsoft just launched a new website "to showcase how it's embracing open source to 'bring choice, technology and community to our customers,'" reports ZDNet: Microsoft, under CEO Satya Nadella, has said and done a lot to shed its image as a pariah of Linux and open-source software communities. With a Linux kernel for Windows 10, GitHub, a new Android Surface Duo, and the commercial cloud as its main source of revenue, Microsoft is a very different company than it was 30 years ago when it was afraid open-source software would gobble up its intellectual property and revenues.

Nowadays, it's got a growing number of open-source projects, including its hugely popular cross-platform code editor Visual Studio Code (VS Code), .NET Core, the hit JavaScript-based programming language TypeScript, and new open-source Windows developer tools like PowerToys and Windows Terminal... According to the company, over 35,000 engineers at the company are using GitHub Enterprise Cloud to host and release official Microsoft open-source projects, samples, and documentation....

Jeff Wilcox, a software engineer with the Microsoft Open Source Programs Office, announced the new site Thursday. He notes that it is "built by the Ruby open-source project Jekyll (that also powers GitHub Pages)".

AT&T's WarnerMedia division is planning to lay off hundreds of employees in AT&T's latest cost-cutting move. Ars Technica reports: "Warner Bros. is expected to commence layoffs of around 650 people starting Monday, according to people familiar with the matter, while HBO is seen shedding between 150 and 175 staffers. A WarnerMedia spokesman declined to comment," Variety reported yesterday. The numbers quoted in Variety may be a bit too high. A source with knowledge of the AT&T layoffs told Ars that the real number is about 600 jobs across all of WarnerMedia, which includes Warner Bros., HBO, and Turner. The layoffs come days after WarnerMedia CEO Jason Kilar announced a shakeup including the departure of three executives and an increased focus on AT&T's new HBO Max streaming service. Kilar detailed the changes in an internal memo published by CNBC on Friday.

In its Q2 2020 earnings report, AT&T said that HBO revenue was "$1.6 billion, down 5.2 percent year over year, reflecting a decrease in subscription revenues and content and other revenues." HBO operating expenses were "$1.5 billion, up 32.5 percent year over year, primarily due to higher programming costs and expenses related to HBO Max." HBO operating income was $113 million, down 80.3 percent. Warner Bros. revenue in Q2 was $3.3 billion, down 3.9 percent year over year partly because of "the postponement of theatrical releases due to closure of movie theaters," AT&T said. Warner Bros. operating income rose 43.9 percent to $633 million, however, as the unit's operating expenses declined 11.1 percent to $2.6 billion "primarily due to the production hiatus and lower marketing expenses."