Security

Uber's 2016 Breach Affected More Than 20 Million US Users (bloomberg.com) 6

An anonymous reader quotes a report from Bloomberg: A data breach in 2016 exposed the names, phone numbers and email addresses of more than 20 million people who use Uber's service in the U.S., authorities said on Thursday, as they chastised the ride-hailing company for not revealing the lapse earlier. The Federal Trade Commission said Uber failed to disclose the leak last year as the agency investigated and sanctioned the company for a similar data breach that happened in 2014. "After misleading consumers about its privacy and security practices, Uber compounded its misconduct," said Maureen Ohlhausen, the acting FTC chairman. She announced an expansion of last year's settlement with the company and said the new agreement was "designed to ensure that Uber does not engage in similar misconduct in the future."

In the 2016 breach, intruders in a data-storage service run by Amazon.com Inc. obtained unencrypted consumer personal information relating to U.S. riders and drivers, including 25.6 million names and email addresses, 22.1 million names and mobile phone numbers, and 607,000 names and driver's license numbers, the FTC said in a complaint. Under the revised settlement, Uber could be subject to civil penalties if it fails to notify the FTC of future incidents, and it must submit audits of its data security, the agency said.

Software

Apple Starts Alerting Users That It Will End 32-Bit App Support On the Mac (techcrunch.com) 267

An anonymous reader quotes a report from TechCrunch: Tomorrow at midnight PT, Apple will begin issuing an alert box when you open a 32-bit app in MacOS 10.13.4. It's a one-time (per app) alert, designed to help MacOS make the full transition to 64-bit. At some unspecified time in the future, the operating system will end its support for 32-bit technology meaning those apps that haven't been updated just won't work. That time, mind you, is not tomorrow, but the company's hoping that this messaging will help light a fire under users and developers to upgrade before that day comes. Says the company on its help page, "To ensure that the apps you purchase are as advanced as the Mac you run them on, all future Mac software will eventually be required to be 64-bit." As the company notes, the transition's been a long time coming. The company started making it 10 or so years ago with the Power Mac G5 desktop, so it hasn't exactly been an overnight ask for developers. Of course, if you've got older, non-supported software in your arsenal, the eventual end-of-lifing could put a severe damper on your workflow. For those users, there will no doubt be some shades of the transition from OS 9 to OS X in all of this.
Ruby

Can Ruby Survive Another 25 Years? (techradar.com) 195

TechRadar marked the 25th anniversary of the Ruby programming language by writing "there are still questions over whether it can survive another 25 years." The popularity of the Ruby language has been bolstered for many years by the success of the Ruby on Rails (RoR) web application framework which dominated the web scene, particularly among startups who wanted something that dealt with much of the heavy lifting... But RoR, although popular, isn't the superstar that it was and it has faced fierce competition as issues such as scaling have become a greater concern for web companies. The JavaScript framework Node.js, for instance, has become popular as it requires less memory to deal with numerous connections because of its callback functions...

To improve performance further Ruby is introducing JIT (Just-In-Time) technology, which is already used by JVM and other languages. "We've created a prototype of this JIT compiler so that this year, probably on Christmas Day, Ruby 2.6 will be released," Matz confirmed. You can try the initial implementation of the MJIT compiler in the 2.6 preview1... Probably the clearest overview explanation of how MJIT works is supplied by Shannon Skipper: "With MJIT, certain Ruby YARV instructions are converted to C code and put into a .c file, which is compiled by GCC or Clang into a .so dynamic library file. The RubyVM can then use that cached, precompiled native code from the dynamic library the next time the RubyVM sees that same YARV instruction."

Ruby creator Yukihiro Matsumoto says Ruby 3.0 "has a goal of being three times faster than Ruby 2.0," and TechRadar reports that it's obvious that Matsumoto "will do anything he can to enable Ruby to survive and thrive..."

And in addition, "he's thoroughly enjoying himself doing what he does... and his outlook is quite simple: Programming is fun, he's had fun for the last 25 years making Ruby, and at the age of 52 now, he hopes that he'll get to spend the next 25 years having as much fun working on the language he dreamt up and wrote down in -- a now lost -- notebook, at the age of 17."

"We want Ruby to be the language that is around for a long time and people still use," Matsumoto tells another interviewer, "not the one people used to use."
Graphics

Programmer Unveils OpenGL Bindings for Bash (opensource.com) 47

Slashdot reader silverdirk writes: Compiled languages have long provided access to the OpenGL API, and even most scripting languages have had OpenGL bindings for a decade or more. But, one significant language missing from the list is our old friend/nemesis Bash. But worry no longer! Now you can create your dazzling 3D visuals right from the comfort of your command line!
"You'll need a system with both Bash and OpenGL support to experience it firsthand," explains software engineer Michael Conrad, who created the first version 13 years ago as "the sixth in a series of 'Abuse of Technology' projects," after "having my technical sensibilities offended that someone had written a real-time video game in Perl.

"Back then, my primary language was C++, and I was studying OpenGL for video game purposes. I declared to my friends that the only thing worse would be if it had been 3D and written in Bash. Having said the idea out loud, it kept prodding me, and I eventually decided to give it a try to one-up the 'awfulness'..."
Programming

Ask Slashdot: Should Coding Exams Be Given on Paper? 274

Slashdot reader Qbertino is pursuing a comp sci degree -- and got a surprise during the last exam: being asked to write code on paper. Not that I'd expect an IDE -- it's an exam after all -- but being able to use a screen and a keyboard with a very simple editor should be standard at universities these days... I find this patently absurd in 2018...

What do you think and what are your recent experiences with exams at universities? Is this still standard? What's the point besides annoying students? Did I miss something?

A similar question was asked on Slashdot 16 years ago -- but apparently nothing has changed since 2002.

Leave your best answers in the comments. Should coding exams be given on paper?
Software

Number of Apps In App Store Declined For the First Time Last Year (fortune.com) 63

According to new data from the analytics company Appfigures, the total number of apps in the App Store declined for the first time last year. "Appfigures notes that just 755,000 apps were released for iOS last year, a 29% drop from 2016," reports Fortune. "In contrast, 1.5 million apps were released for Android last year, marking a 17% year-over-year increase." From the report: Over the course of the year, the number of apps in the store declined from 2.2 million to 2.1 million, marking the first time the store had fewer apps at the end of the year than it did in the beginning. The reason for that change is likely Apple's decision to remove older apps from the store that were not being updated regularly, The Verge notes. Last year, Apple removed apps that were not built on 64-bit architecture, something necessary for them to work on newer iPhone models.
Businesses

Twitter Will Break Third-Party Clients in June (apps-of-a-feather.com) 53

Come this June, Twitter says it will disable "streaming services", a feature third-party Twitter clients such as Talon, Tweetbot, and Twitterrific use to stream the timeline and send push notifications. A replacement for the streaming service, the Account Activity API, isn't being made available to third-party developers. In a letter, developers wrote: The new Account Activity API is currently in beta testing, but third-party developers have not been given access and time is running out. With access we might be able to implement some push notifications, but they would be limited at the standard level to 35 Twitter accounts -- our products must deliver notifications to hundreds of thousands of customers. No pricing has been given for Enterprise level service with unlimited accounts -- we have no idea if this will be an affordable option for us and our users.

We are incredibly eager to update our apps. However, despite many requests for clarification and guidance, Twitter has not provided a way for us to recreate the lost functionality. We've been waiting for more than a year. This change affects people who use third-party Twitter apps. All software platforms are affected, but it's worse on iOS and Android where users rely on push notifications to know when something happens on Twitter.

The Courts

The Supreme Court Fight Over Microsoft's Foreign Servers Is Over (theverge.com) 94

An anonymous reader quotes a report from The Verge: The much-anticipated Supreme Court case U.S. v. Microsoft -- which could have decided the extent of American jurisdiction over foreign servers -- is now, for all intents and purposes, dead. On March 30th, the Department of Justice moved to drop the lawsuit as moot, and today, Microsoft filed to agree with the motion. While the Supreme Court has yet to officially drop the case, it's a foregone conclusion that they will. Both the government and Microsoft agree that the newly passed CLOUD Act renders the lawsuit meaningless. In U.S. v. Microsoft, federal law enforcement clashed with Microsoft over the validity of a Stored Communications Act warrant for data stored on a server in Dublin. The CLOUD Act creates clear new procedures for procuring legal orders for data in these kinds of cross-border situations. In last week's motion to vacate, DOJ disclosed that it had procured a new warrant under the CLOUD Act.
Social Networks

Instagram Suddenly Chokes Off Developers As Facebook Chases Privacy (techcrunch.com) 61

An anonymous reader quotes a report from TechCrunch: Without warning, Instagram has broken many of the unofficial apps built on its platform. This weekend it surprised developers with a massive reduction in how much data they can pull from the Instagram API, shrinking the API limit from 5,000 to 200 calls per user per hour. Apps that help people figure out if their followers follow them back or interact with them, analyze their audiences or find relevant hashtags are now quickly running into their API limits, leading to broken functionality and pissed off users. Two sources confirmed the new limits to TechCrunch, and developers are complaining about the situation on StackOverflow. In a puzzling move, Instagram is refusing to comment on what's happening while its developer rate limits documentation site 404s. All it would confirm is that Instagram has stopped accepting submissions of new apps, just as Facebook announced it would last week following backlash over Cambridge Analytica. Developers tell me they feel left in the dark and angry that the change wasn't scheduled or even officially announced, preventing them from rebuilding their apps to require fewer API calls.
Programming

Ask Slashdot: Are 'Full Stack' Developers a Thing? 371

"It seems that nearly every job posting for a software developer these days requires someone who can do it all," complains a Slashdot reader, noting a main focus on finding someone to do "front end work and back end work and database work and message queue work...." I have been in a relatively small shop that for years has always had a few guys focused on the UI. The rest of us might have to do something on the front-end but are mostly engaged in more complex "back-end" development or MQ and database architecture. I have been keeping my eye on the market, and the laser focus on full stack developers is a real turn-off.

When was the last time you had an outage because the UI didn't work right? I can't count the number of outages resulting from inexperienced developers introducing a bug in the business logic or middle tier. Am I correct in assuming that the shops that are always looking for full stack developers just aren't grown up yet?

sjames (Slashdot reader #1,099) responded that "They are a thing, but in order to have comprehensive experience in everything involved, the developer will almost certainly be older than HR departments in 'the valley' like to hire."

And Dave Ostrander argues that "In the last 10 years front end software development has gotten really complex. Gulp, Grunt, Sass, 35+ different mobile device screen sizes and 15 major browsers to code for, has made the front end skillset very valuable." The original submitter argues that front-end development "is a much simpler domain," leading to its own discussion.

Share your own thoughts in the comments. Are "full-stack" developers a thing?
Education

Apple Trains Chicago Teachers To Put Coding In More Classrooms (engadget.com) 64

Apple has unveiled a partnership with Northwestern University and public schools to help teachers bring programming and other forms of computer science into Chicago-area classrooms. "The trio will set up a learning hub at Lane Tech College Prep High School that will introduce high school teachers to Apple's Everyone Can Code curriculum," reports Engadget. "They'll also have the option to train in an App Development with Swift course to boost the number of high school-oriented computer science teachers. Teachers will also have options for in-school coaching and mentorship to make sure they're comfortable with the curriculum when they're in front of actual students."
Windows

Microsoft Releases New Tool To Get More Distros on Windows (zdnet.com) 216

Microsoft has released a tool to help Linux distribution maintainers bring their distros to the Windows Store to run on Windows 10's Windows Subsystem for Linux. From a report: Microsoft describes the tool as a "reference implementation for a Windows Subsystem for Linux (WSL) distribution installer application," which is aimed at both distribution maintainers and developers who want to create custom Linux distributions for running on WSL. "We know that many Linux distros rely entirely on open-source software, so we would like to bring WSL closer to the OSS community," said Tara Raj of Microsoft's WSL team. "We hope open-sourcing this project will help increase community engagement and bring more of your favorite distros to the Microsoft Store." WSL helps programmers build a full Linux development environment for testing production code on a Windows machine.
Google

Oracle Wins Revival of Billion-Dollar Case Against Google (bloomberg.com) 332

Google could owe Oracle billions of dollars after an appeals court said it didn't have the right to use the Oracle-owned Java programming code in its Android operating system on mobile devices. From a report: Google's use of Java shortcuts to develop Android went too far and was a violation of Oracle's copyrights, the U.S. Court of Appeals for the Federal Circuit ruled. The case was remanded to a federal court in California to determine how much the Alphabet unit should pay.

The dispute is over pre-written directions known as application program interfaces, or APIs, which can work across different types of devices and provide the instructions for things like connecting to the internet or accessing certain types of files. By using the APIs, programmers don't have to write new code from scratch to implement every function in their software or change it for every type of device. The case has divided Silicon Valley for years, testing the boundaries between the rights of those who develop interface code and those who rely on it to develop software programs.

Graphics

Ask Slashdot: How Did Real-Time Ray Tracing Become Possible With Today's Technology? 145

dryriver writes: There are occasions where multiple big tech manufacturers all announce the exact same innovation at the same time -- e.g. 4K UHD TVs. Everybody in broadcasting and audiovisual content creation knew that 4K/8K UHD and high dynamic range (HDR) were coming years in advance, and that all the big TV and screen manufacturers were preparing 4K UHD HDR product lines because FHD was beginning to bore consumers. It came as no surprise when everybody had a 4K UHD product announcement and demo ready at the same time. Something very unusual happened this year at GDC 2018 however. Multiple graphics and GPU companies, like Microsoft, Nvidia, and AMD, as well as other game developers and game engine makers, all announced that real-time ray tracing is coming to their mass-market products, and by extension, to computer games, VR content and other realtime 3D applications.

Why is this odd? Because for many years any mention of 30+ FPS real-time ray tracing was thought to be utterly impossible with today's hardware technology. It was deemed far too computationally intensive for today's GPU technology and far too expensive for anything mass market. Gamers weren't screaming for the technology. Technologists didn't think it was doable at this point in time. Raster 3D graphics -- what we have in DirectX, OpenGL and game consoles today -- was very, very profitable and could easily have evolved further the way it has for another 7 to 8 years. And suddenly there it was: everybody announced at the same time that real-time ray tracing is not only technically possible, but also coming to your home gaming PC much sooner than anybody thought. Working tech demos were shown. What happened? How did real-time ray tracing, which only a few 3D graphics nerds and researchers in the field talked about until recently, suddenly become so technically possible, economically feasible, and so guaranteed-to-be-profitable that everybody announced this year that they are doing it?
Facebook

Steve Jobs Tried To Warn Mark Zuckerberg About Privacy In 2010 (qz.com) 109

An anonymous reader quotes a report from Quartz: Zuckerberg should have heeded what he heard from the late Steve Jobs eight years ago. Then, when the social network had a measly half-billion users, Jobs spoke at The Wall Street Journal's AllThingsD conference, where Zuckerberg was in the audience, waiting to be interviewed himself, and described what privacy meant. Journalist Walt Mossberg asked Jobs his thoughts on recent privacy issues around Facebook (which at the time was revamping its privacy controls after criticism it was forcing people to share data) and Google (which was literally recording private wifi information), and whether Silicon Valley looks at privacy differently than the rest of the world.

"Silicon Valley is not monolithic," Jobs responded, "We've always had a very different view of privacy than some of our colleagues in the Valley." Apple, for instance, does not leave it up to developers to decide whether to be dutiful about warning users that their apps are tracking their location data, instead forcing pop-ups on users to alert them that an app is tracking them, and to turn off that ability if they don't want. "We do a lot of things like that, to ensure that people know what these apps are doing," he added. It's a stance his successor, Tim Cook, still holds. Mossberg then asked Jobs if that applied to Apple's own apps in the cloud. Here's what Jobs said: "Privacy means people know what they're signing up for, in plain English, and repeatedly. I'm an optimist; I believe people are smart, and some people want to share more data than other people do. Ask them. Ask them every time. Make them tell you to stop asking them if they get tired of your asking them. Let them know precisely what you're going to do with their data." If the company had been more forthright about how developers could take data shared with them by Facebook users and sold to third parties, it may not have been in the mess it's in today.
Additionally, TechCrunch reports that Zuckerberg was warned about app permissions in 2011 by European privacy campaigner and lawyer Max Schrems. "In August 2011, Schrems filed a complaint with the Irish Data Protection Commission exactly flagging the app permissions data sinkhole (Ireland being the focal point for the complaint because that's where Facebook's European HQ is based)."

"[T]his means that not the data subject but 'friends' of the data subject are consenting to the use of personal data," wrote Schrems in the 2011 complaint, fleshing out consent concerns with Facebook's friends' data API. "Since an average facebook user has 130 friends, it is very likely that only one of the user's friends is installing some kind of spam or phishing application and is consenting to the use of all data of the data subject. There are many applications that do not need to access the users' friends personal data (e.g. games, quizzes, apps that only post things on the user's page) but Facebook Ireland does not offer a more limited level of access than 'all the basic information of all friends.'" [...] "The data subject is not given an unambiguous consent to the processing of personal data by applications (no opt-in). Even if a data subject is aware of this entire process, the data subject cannot foresee which application of which developer will be using which personal data in the future. Any form of consent can therefore never be specific," he added. It took Facebook from September 2012 until May 2014 and May 2015 to implement changes and tighten app permissions.
Databases

Shodan Search Exposes Thousands of Servers Hosting Passwords and Keys (fossbytes.com) 41

Thousands of etcd servers "are spitting sensitive passwords and encrypted keys," reports Fossbytes: Security researcher Giovanni Collazo was able to harvest 8781 passwords, 650 AWS access keys, 23 secret keys, and 8 private keys. First, he ran a query on the hacker search engine Shodan that returned around 2300 servers running etcd database. Then, he ran a simple script that gave him the login credentials stored on these servers which can be used to gain access to CMSs, MySQL, and PostgreSQL databases, etc.

etcd is a database used by computing clusters to store and exchange passwords and configuration settings between servers and applications over the network. With the default settings, its programming interface can return administrative login credentials without any authentication upfront... All of the data he harvested from around 1500 servers is around 750MB in size... Collazo advises that anyone maintaining etcd servers should enable authentication, set up a firewall, and take other security measures.

Another security researcher independently verified the results, and reported that one MySQL database had the root password "1234".
Java

Oracle Releases Java 10, Promises Much Faster Release Schedule (adtmag.com) 134

An anonymous reader quotes Application Development Trends: Oracle announced the general availability of Java SE 10 (JDK 10) this week. This release, which comes barely six months after the release of Java SE 9, is the first in the new rapid release cadence Oracle announced late last year. The new release schedule, which the company is calling an "innovation cycle," calls for a feature release every six months, update releases every quarter, and a long-term support (LTS) release every three years. Java 10 is a feature release that obsoletes Java 9. The next LTS release will be Java 11, expected in September. The next LTS version after that will be Java 17, scheduled for release in September 2021...

The six-month feature release cadence is meant to reduce the latency between major releases, explained Sharat Chander, director of Oracle's Java SE Product Management group, in a blog post. "This release model takes inspiration from the release models used by other platforms and by various operating-system distributions addressing the modern application development landscape," Chander wrote. "The pace of innovation is happening at an ever-increasing rate and this new release model will allow developers to leverage new features in production as soon as possible. Modern application development expects simple open licensing and a predictable time-based cadence, and the new release model delivers on both."

This release finally adds var to the Java language (though its use is limited to local variables with initializers or declared in a for-loop). It's being added "to improve the developer experience by reducing the ceremony associated with writing Java code, while maintaining Java's commitment to static type safety, by allowing developers to elide the often-unnecessary manifest declaration of local variable type."
Graphics

NVIDIA RTX Technology To Usher In Real-Time Ray Tracing Holy Grail of Gaming Graphics (hothardware.com) 159

HotHardware writes: NVIDIA has been dabbling in real-time ray tracing for over a decade. However, the company just introduced NVIDIA RTX, which is its latest effort to deliver real-time ray tracing to game developers and content creators for implementation in actual game engines. Historically, the computational horsepower to perform real-time ray tracing has been too great to be practical in actual games, but NVIDIA hopes to change that with its new Volta GPU architecture and the help of Microsoft's new DirectX Raytracing (DXR) API enhancements. Ray tracing is a method by which images are enhanced by tracing rays or paths of light as they bounce in and around an object (or objects) in a scene. Under optimum conditions, ray tracing delivers photorealistic imagery with shadows that are correctly cast; water effects that show proper reflections and coloring; and scenes that are cast with realistic lighting effects. NVIDIA RTX is a combination of software (the company's Gameworks SDK, now with ray tracing support), and next generation GPU hardware. NVIDIA notes its Volta architecture has specific hardware support for real-time ray tracing, including offload via its Tensor core engines. To show what's possible with the technology, developers including Epic, 4A Games and Remedy Entertainment will be showcasing their own game engine demonstrations this week at the Game Developers Conference. NVIDIA expects the ramp to be slow at first, but believes eventually most game developers will adopt real-time ray tracing in the future.
Software

Magic Leap Lifts the Curtains (A Little) (theverge.com) 60

Magic Leap just announced a preview of its software development kit and "creator portal," which will offer resources for people who want to build for its yet-unreleased Magic Leap One headset. You can now download a preview build of the Unreal or Unity engines, designed for what Magic Leap dubs "spatial computing." This is one of Magic Leap's juiciest announcements, marking one of the secretive company's first steps toward establishing itself as an open platform. It also may be a sign that the company is finally close to releasing hardware. The Verge reports: The creator portal touts a set of tutorials, a community for technical support, and a "Magic Leap Simulator" that will presumably help people preview apps before they get a headset. The Magic Leap One was announced late last year, and it's supposed to be released this year, but we still don't know details about the exact date or pricing. The portal says that a marketplace called "Magic Leap World" will launch soon.
Businesses

Amazon Is Hiring More Developers For Alexa Than Google Is Hiring For Everything (gadgetsnow.com) 80

An anonymous reader quotes a report from Gadgets Now: Amazon is hiring 1,147 people just for its Alexa business. To put this number in perspective, it has to be mentioned that this number is higher than what Google is hiring for technical and product roles across its Alphabet group of companies including YouTube and Waymo. According to a report published in Forbes, Amazon is hiring engineers, data scientists, developers, analysts, payment services professionals among others. The Forbes report cites information released by Citi Research in association with Jobs.com. It's clear that Amazon is betting big on the smartphone speaker market if the hiring numbers are anything to go by. It was the first major company to come with a smart speaker and has almost 70% market share in the U.S. Google has been making in-roads with Google Home devices but still has a lot of catching up to do. The Citi report further mentions that other notable areas where Amazon is hiring are devices, advertising and seller services. Amazon is looking at hiring a total of about 1,700 employees for other divisions.
