Security Update
As many of you know, the Shotgun team size grew quite a bit with the Autodesk acquisition and this allows us to go much faster in feature development!

Our new size also lets us devote more resources to focus on the security of our client data. As you know, we have always considered security as our priority #1 feature. 

Now, our continued efforts and investments in security are backed by Autodesk’s own commitment and resources!

We’re continuing our quarterly security assessments by an independent 3rd party auditor. This includes validation of all existing and new products such as the new Shotgun Review iOS application. Our Q3 audit was done by Independent Security Evaluators (ISE). We know data security requires constant vigilance, so we've decided to increase our investment in security and will work with ISE to ensure new features are secure from the start of the design phase. Doing so will greatly reduce the risk of having security holes in the final applications.

On the Autodesk front, we work with Autodesk’s Information Security team to ensure our internal policies and processes adhere to Autodesk’s high standards. These will help ensure that, as the team grows, we’re always keeping client data secure. Additionally, we benefit from rapid internal communication channels to deal with external security threats as they arise.

The bottom line is that we know our hosted customers trust us with extremely valuable IP so we continue to add protection layers to ensure your data stays safe. And now, benefiting from Autodesk resources, not only can we go faster on feature development, we have and continue to increase our investments in security.
Announcing Shotgun 5.4
We’re pleased to announce 5.4. This release is jam-packed with features that open the door for more teams to track and review their work in Shotgun.




"5.4 works flawlessly so far and I wonder how on earth we did without the new web player and still image support until now. Awesome job!" 
-Frank Lenhard, PiXABLE STUDIOS

"What a great update guys! New web player and Lightbox are just awesome, and what I really like is the way you're matching all the new functionality and hotkeys with RV - that is just sooo right! Please, keep it up!" 
- Alexey Borzykh, Asymmetric VFX Studio

Support for Reviewing Still Images

We’ve updated our review tools to support teams reviewing still images (such as concept art or storyboards). Now, images submitted to Shotgun for review display at higher resolutions and appear closer to the color and quality of their source files. We’re also introducing new pan and zoom functionality to the overlay player so you can quickly move around your images, draw on the frames, and leave notes as feedback.


Redesigned Overlay Player & New Image Attachment Viewer

As part of our still image support, we’ve also improved the overlay look and feel of the overlay player. Viewing previous annotations within overlay player now previews the image within the same browser window, helping you keep your context and review the content of notes faster. Tools are more accessible, and we’ve added a bunch of new keyboard shortcuts to support the new tools.


Support for Different Project Workflows

As studios evolve, they tend to take on more and different types of projects. These days, many of our clients work on film, TV, and even games, all within the same studio. In order to accommodate these types of studios, you can now customize the things you track in a project, as well as their fields, pipeline steps, and statuses. Maybe your games projects require different steps than your film projects. Or maybe you have a different set of approval statuses on your TV projects than your film projects. By letting different workflows coexist in the same studio, we’re opening the door for departments and teams to work together on the same Shotgun site.

Learn more...

Smart(er) Thumbnails

We’ve updated thumbnail fields with a new option to show the latest version instead of a manually uploaded thumbnail. This benefits studios in two ways: 1) thumbnails will automatically update based on the latest submission, saving you tons of time and requiring less customization to keep your thumbnails up to date, and 2) you now have a much better indicator of the status of your shots, assets, and other things you’re tracking. Just glance at the thumbnail and you can see how work is progressing.

Powerful New Ways to Connect Your Data

We’ve upped the limit on how many “hops” we support for bringing related data on a page. For example, if you want to view a Task’s Shot’s Sequence’s “Delivery Date” alongside a Task’s “Due Date”, now you can. You can even group, sort, and filter by these fields. Many of our users have affectionately referred to this as “double hops”.

Cheers to you all you power users--enjoy!

Labels:

Irish VFX + Animation Summit
We're happy to be collaborating with The Irish VFX + Animation Summit next week. The Summit encourages engagement between studios and future artists and focuses on the importance of students and prospective artists knowing how best to show others their work and find the best VFX and animation opportunities.



Shotgun will be used to track submissions and review feedback for this year's Showreel Clinic, which will allow artists to submit their work for 1-on-1 feedback from Summit Speakers and senior artists attending the event and participate in personalized dailies sessions. 


Irish VFX+ Animation Summit Details

Location: Science Gallery, The Naughton Institute, Trinity College, Pearse St, Dublin 2
Date: Friday Nov. 28- Sunday Nov. 30th

Click here for more information and to register.
The Chrome Plugin Support Update
As you may or may not be aware, Google announced earlier this year that they will be pulling support for plugins from Chrome. Unfortunately, they have been fairly tight-lipped on the details and timing. But, over the last few months they have taken a few steps in this direction, adding more speed bumps for any users who wish to permit plugin use within Chrome, and completely disabling plugins on Linux already (as of v35). Google has not yet announced exactly when plugin support will be fully discontinued, but alluded to sometime around the end of 2014. There are two critical questions that will affect our recommendation to clients and future development in this area:

- When will plugin support finally be completely deactivated? (Google won’t say.)

- Will Java still be supported? (Java is currently a functional alternative to using our browser plugin, though we initially built the plugin because many clients wanted to move away from Java.)

Since we heard the news, we have been brainstorming on how best to replace the Shotgun functionality that is facilitated by our custom browser plugin. This includes Local File Linking and some Pipeline Toolkit functions, all of which need some sort of added tech to work around the standard browser security that disallows interaction with the file system from a web page. See this post in our GitHub repo for a bit more background.

Our long term plan is to work this functionality into our Shotgun Desktop client, but we are still in progress on that solution. We originally hoped to have it ready before the end of the year, but we need a bit more time to ensure we have a production-ready replacement. We are now aiming to deploy the new setup in a patch release in early 2015. Also, since locally hosted clients are traditionally delayed on new releases, it could take longer for them to receive the replacement solution compared to clients on hosted sites.

If your studio depends on Chrome and uses Shotgun’s Local File Linking or Pipeline Toolkit functionality, we strongly recommend that you have a contingency plan in place. Current workarounds include:

- Use another supported browser
- Lock off on a version of Chrome that still supports plugins - delay upgrading to the version where plugin support is pulled (of course this may carry some risk, as you may miss out on patches for any security vulnerabilities that are/were discovered after that version’s release)

We know this is not the best news for Chrome users, but it is unfortunately not entirely in our control, and we felt it would be prudent to warn you of the impending situation now so you have time to make alternate plans.

Of course, as always, if you have any questions or concerns, please reach out to our support team and we will do our best to work through this with you and find an acceptable solution.


Cheers,
The Shotgun Team

Get to Know... School of Visual Arts

We recently had the opportunity to chat with Joseph Mulvanerty, Cross Platform Systems Administrator at the School of Visual Arts in New York City. We spoke with Joseph about SVA and how the school has integrated the use of Shotgun both inside and outside of the classroom.

Tell us about the School of Visual Arts.


SVA Computer Art is the undergraduate computer art, animation and visual effects department at School of Visual Arts. SVA Computer Art started in the 90s when computers advanced as a medium for creating artwork. Our program has since evolved into a department that is focused on computer animation and visual effects. Coming from an animation studio in NYC, it felt natural to come to this department as we have the same gear and software used in the professional VFX industry. We have great technical resources and workflows that mirror what our graduates will find when they start working in the real world. We like to bring in people who work in production, so most of our instructors are adjunct professors who also currently work in the industry.

The artists are younger, but working here is the same environment as a professional VFX and animation shop. We have between 300-400 students in our department. We are an accredited school and this is a BFA Computer Arts program.
Image Credit: Jon Stulich






Why has SVA been so successful?

I think it starts with the Chairman of the department, John McIntosh. He brings plenty of industry experience along with the ability to anticipate the future of the industry. That’s part of how Shotgun became introduced at SVA. He’s at trade shows and conventions along with talking to major studios to get insight on the latest studio practices. We're adopting advanced levels of pipeline integration and workflows so our students are familiar working with these methods.

What do you do at SVA?

I am part of a systems crew that builds and supports our computer animation studio environment. Each person has specialization ranging from render management to desktop support. My title is Cross Platform Systems Administrator. Our studio runs on any OS our students will see out in the wild when they graduate, so we use Mac, Windows and some Linux. From my studio experience I also help solve production problems and manage our Shotgun pipeline.

The program focuses on pre-to-post production and everything in between. If students want to do live action, we have cameras and lighting. If they want to get deep into post, we have an audio recording studio and a grading/finishing suite — we go beyond the standard animation tools you need to know if you’re going to be a CG artist. I think some of our capabilities rival other studios.

What’s a day in the life of Joseph like?

I enjoy collaborating with our students to solve problems with their projects. This is a technical position but in many cases I am also teaching on how to handle computer animation challenges. We also have plenty of great tech here so I get to be involved with cameras, lighting, motion capture and chromakey.

I also focus heavily on Shotgun integration. So where Shotgun might typically have a studio wide standard implementation where all projects are handled the same way, here we’re building individual pipelines for each student on a per project basis. Our Shotgun project setup will be different for someone who’s doing live action with VFX as opposed to someone who's doing a job that's all 3D CG animation. The people at Shotgun have been great with helping us head down the right path. We’re both using Shotgun as a workflow tool to help our students complete their projects but also as an educational tool to help teach them how jobs get done in a professional environment.

Image Credit: Jon Stulich
How long have you been using Shotgun?

Shotgun has been in use here for a couple of years. It was originally used as a tool for teachers to review student work. This year we fully integrated Shotgun into our student project production pipeline.

A major focus for our students is their senior thesis project. They often collaborate with other students to produce these films all of which are created in Shotgun with complete pipeline integration. For this year 60 short films being produced through Shotgun. Each film can have one or more students collaborating on the production with instructors and administrators using Shotgun for review and feedback.

How is Shotgun working for the students?

We really just started implementing use of Shotgun as a production management tool for our seniors this year, and I’m working on building that out to tie Shotgun into our render management system so that all of that gets tracked in Shotgun as well. Our students are responding really well to using Shotgun, and instructors love it too as most of them are already using it in their studios. Pushing students to run projects through Shotgun also helps students keep their work managed and organized so they can focus on the creative process instead.

We also have students who play dual roles on their projects both as project manager/producer, and as an artist. The new Shotgun Desktop feature has been helpful in this regard - when you’re project managing, the site is where the action is, but when you are ready to focus on an artist task, the Desktop puts everything you need right in front of you.

Image Credit: Jon Stulich
What tools does SVA use in the program?

It really depends on what the artist is working on. It could be Maya, if they’re incorporating mocap then probably also MotionBuilder. We use a lot of sculptural tools, zBrush and Mudbox, but it could also be Hiero to ingest live action footage and Nuke if they’re doing a lot of compositing, and even Houdini if they’re working on simulations and always Photoshop if they’re working on textures. We use a wide range of tools and the nice thing is that most of them play nicely with Shotgun. For editing and finishing we have Final Cut Pro, ProTools, Resolve and Scratch.

Do you develop proprietary tools?

We don’t here at SVA, but coming from a studio that did develop our own pipeline software tools, I can attest to what a huge leap it is to work with Shotgun. Straight out of the box, Shotgun is much more functional than anything we were ever able to develop in house.

What is your favorite thing about working in NYC?

I’ve lived here my entire life so you end up having this expectation that everything is immediately accessible. Anything you want to do or see or be a part of—you can find it here, that’s what I like about New York City.

When you aren’t working, what’s the ideal way to spend a day?

Performing music. When I’m not here I am out of town playing shows. It's good to be creative and step away from tech for a while.

What led you to visual effects?

Like plenty of kids I was cartooning instead of paying attention in class. I aspired to be a traditional animator. That led to studying design and working wherever art and computers came together. I've seen effects an animation evolve form practical special effects to full CG productions. I was lucky to have spent a few years at an animation/VFX studio here in New York.

What’s the biggest benefit of standardizing student projects on Shotgun?

It’s as simple as everyone being on the same page on any given project. Having a comfort level and familiarity with running multiple projects at the same time, and understanding shot structure is really important. Also, when I’m helping students problem solve, Shotgun informs me exactly where to drop in on a project to tackle a given issue. We have so much going on here at once, and Shotgun keeps all of that organized, everything from naming conventions to the versions of software being used and ultimately helps us avoid making mistakes and reinforces great professional habits in our students as we prepare to send them off into the real world.


POODLE Vulnerability : Help Us Help You!
As part of our remediation plan following the public disclosure of the POODLE vulnerability, we will be disabling support for SSLv3 from our servers. We intend to do this on November 18, 2014.

Testing your environment

While we have performed extensive tests on our systems, we would ask all users of our hosted sites to execute the “ssl3_test.py” test script (available for download at the following location) to confirm that you can access, through your environment, a test site called “poodletest.shotgunstudio.com” running on a server on which SSLv3 has been disabled. The script connects anonymously to the test site and performs basic operations such as version creation, version deletion and (optionally) thumbnail upload.

The script can be invoked as follows:

python ssl3_test.py [ -a pathToShotgunAPI ] [ -t pathToThumbnailImage ]

Note that the –a argument can be omitted if the path to the Shotgun API is already in your PYTHONPATH environment variable. For instance:

python ssl3_test.py –a ~/dev/shotgun_api –t ~/image.jpg

If the script runs successfully, this means that you can successfully access a SSLv3-disabled server and you should be ready to go for the November 18 deadline. Otherwise, please contact support@shotgunsoftware.com so that we can quickly help troubleshoot your issue.

Disabling SSLv3 in your browsers

All modern Web browsers already support other cryptographic protocols, so access to the Web application will not be impacted when we turn off SSLv3 on our servers. You are however encouraged to disable SSLv3 in your browsers: Details on how to do this are available at the following location: https://zmap.io/sslv3/browsers.html

Again, please let us know at support@shotgunsoftware.com if you have any concerns or questions about this.


Thanks,
Shotgun Team


---

Background information on POODLE

A low-to-high1 severity vulnerability affecting web servers and other applications that use Secure Sockets Layer v3 (SSLv3) has been disclosed. An attacker who is in an active man-in-the-middle (MitM) position may be able to launch a chosen plain-text attack to decrypt and obtain targeted portions of SSLv3 encrypted data such as HTTP session cookies.

The vulnerability resides in SSLv3 connections that use block ciphers in cipher-block chaining (CBC) mode. At its core, the issue is the fact that SSLv3 does authentication before encryption. It is a design flaw within the protocol itself, and not of any specific implementation. As such, any application that relies or supports SSLv3 and accepts cipher suites that use CBC with encryption are vulnerable. Transport Layer Security (TLS) is not vulnerable directly. However, it is possible to perform downgrade attacks in which the client is forced to use SSLv3 instead of TLS, if SSLv3 is supported.

The attack that exploits this SSLv3 vulnerability is referred to as Padding Oracle On Downgraded Legacy Encryption (POODLE). The POODLE attack is very similar to the Browser Exploit Against SSL/TLS (BEAST)3 attack from a few years ago. That is, the attacker is not only required to have a privileged network position, but also the ability to influence the client to send multiple requests to the server. Because of this requirement, POODLE attacks will typically target HTTPS connections. It is important to note that the attack is not exclusive to only HTTPS, and that other services that use SSLv3 may be vulnerable to practical attack as well.

Despite its age and available replacements, SSLv3 is still widely used. As of October 12, 2014, 96.9% of the HTTPS Alex Top 1 Million websites supported SSLv34, and are therefore likely affected by POODLE.
Upcoming Autodesk Community Sessions
Next week the Autodesk family will be hosting community sessions in Stockholm, Gothenburg and Copenhagen to present the latest features in Shotgun, Maya, Flame, and 3ds Max!
Join us to learn more about the Shotgun toolset and Shotgun's integrations with Maya and Flame, updates on 3ds Max, new Maya features, and Flame 2015. Specialist Stuart Holloway will also be introducing and showcasing Flame 2015's new creative tools for Extension 2.

For more information and to register, click on the location and day you'd like to attend below:

Stockholm (Nov. 12) at 1pm CET
Gothenburg (Nov. 13) at 1pm CET
Copenhagen (Nov. 14) at 1pm CET

Hope to see you there!

Shotgun at VES Summit


We're excited to be participating in the upcoming VES Summit this Saturday October 18th in Hollywood where the VFX community comes together to discuss and explore the latest breakthroughs in film, tech, gaming and entrepreneurism.

Our very own Don Parker will be leading two roundtable discussions on building a successful business and turning customers into both investors and partners (and friends)!

"How to Build a Successful Business in Today's Climate"
Saturday October 18th
11am-12pm and 1-2pm
Location: W Hotel Hollywood, 6250 Hollywood Boulevard


More info on the VES Summit and how to register here
Security Notice about Shellshock
What’s this all about?

On September 24th, a new family of security bugs in the Unix Bash Shell referred to as “Shellshock” was publicly disclosed. Many Internet web servers use Bash to process certain commands, and this security bug could be exploited by an attacker to cause vulnerable versions of Bash to execute arbitrary commands.

By the nature of our system and its current implementation, our servers were not affected by these bugs and no data was ever threatened by it. However, to protect against possible future changes that could make our system vulnerable, we have promptly updated all our servers with the appropriate fixes.

What do you need to do

Customers with Hosted Sites

If you have a hosted site, then you have nothing to do!

Customers with Local Installs

To avoid being hacked, all servers should be updated with a fix as described here.

If you have any questions about this, don’t hesitate to contact us at support@shotgunsoftware.com.


Todd Perry Works from Anywhere With Shotgun Review App
Independent visual effects supervisor Todd Sheridan Perry (TeaspoonVFX) is currently working on several projects with Workhouse Creative in Seattle, WA. Todd’s been a longtime customer, and was also a beta tester and early adopter of Shotgun Review for iPhone.

We recently spoke with Todd while he was in line at Starbucks, checking out Shotgun Review on his iPhone while waiting for his coffee. He is currently using Shotgun to manage two simultaneous projects at Workhouse, a company owned by director Keith Rivers with 10 full-time staff, four of whom are VFX artists. One of the projects is an indie short film directed by Rivers, and the second is a music video for local Seattle artist Allen Stone co-directed by Rivers and Daniel Brown featuring over 65 VFX shots.

“I just got an email notification from Shotgun that an artist submitted a shot. With Shotgun Review, I can take a look at the shot on my iPhone from anywhere,” said Perry. “It’s really liberating to be able to give feedback to an artist from my iPhone in line at Starbucks. Obviously it’s not going to be the super nitpicky details like color comments, but I certainly can see if a shot is headed in the right direction and see if something is going wrong. I can zoom in, get a closer look, annotate and make little scribbles directly on frames and then it gets back to the artist almost instantly.”

Less than a month after its official release, Perry
is already benefitting from having access to Shotgun via his iOS devices. “As a VFX Supervisor you’re often tethered to an office, working long days and nights waiting to receive shots to review. While it’s still essential to work in a screening room for director-assisted review sessions, or evaluating fine details and color work, with Shotgun Review I can deliver almost immediate feedback on most aspects of a sequence from anywhere while the artist is still in the mindset of that same shot. Often when artists don’t get feedback for one or two days, they have to retrace their steps to recall what stage of the project they were in. More immediate feedback makes the process more efficient and usually delivers an overall better final product.”

Perry also observed that the ROI of deploying Shotgun, even at a boutique shop like Workhouse Creative, outweighs the incremental spend of adding licenses for artists as needed. “You have to assess the costs of lost notes or making mistakes or missed shots. I’ve talked to many producers about this, and as long as you set everything up correctly from the get go in Shotgun, it just works. It’s so much easier for artists, supervisors and producers to have a bird’s eye view of statuses on all aspects of a production. In the long run, Shotgun saves artists time and lets them focus on making better art, and saves supervisors the time that can get lost when fine details on a project get lost in a broken communication chain.”


Shotgun Review for iPhone is available for free for all current Shotgun subscribers. Download it for free on the Apple App Store today.


Don’t have your Shotgun site? Sign up for a free 30-day trial here
<< Older Posts    

Our Story

We are industry folk who love production. A handful of us met while building...
Read More
Subscribe to updates via email

Follow Us