Microsoft

Microsoft Kills Off Security Bulletins (computerworld.com) 89

Microsoft has officially retired the security bulletins this week, which were issued to detail "each month's slate of vulnerabilities and accompanying patches for customers -- especially administrators responsible for companies' IT operations," writes Gregg Keizer via Computerworld. "The move to a bulletin-less Patch Tuesday brought an end to months of Microsoft talk about killing the bulletins that included an aborted attempt to toss them." From the report: Microsoft announced the demise of bulletins in November, saying then that the last would be posted with January's Patch Tuesday, and that the new process would debut Feb. 14. A searchable database of support documents would replace the bulletins. Accessed through the "Security Updates Guide" (SUG) portal, the database's content can be sorted and filtered by the affected software, the patch's release date, its CVE (Common Vulnerabilities and Exposures) identifier, and the numerical label of the KB, or "knowledge base" support document. SUG's forerunners were the web-based bulletins that have been part of Microsoft's patch disclosure policies since at least 1998. Microsoft did such a good job turning out those bulletins that they were considered the aspirational benchmark for all software vendors. In February Microsoft canceled that month's Patch Tuesday just hours before the security updates were to reach customers, making the bulletins' planned demise moot. Microsoft kept the bulletins the following month as well, saying it wanted to give users more time to prepare for the change to SUG. Finally, when Microsoft yesterday shipped cumulative security updates for Windows, Internet Explorer, Office and other products, it omitted the usual bulletins.
Programming

For Programmers, the Ultimate Office Perk is Avoiding the Office Entirely (qz.com) 207

From a report on Quartz: Over the past decade, designers and engineers have invented dozens of new tools to keep us connected to the office without actually going there. Unsurprisingly, those same engineers have been among the first to start using them in large numbers. More programmers are working from home than ever and, among the most experienced, some are even beginning to demand it. In 2015, an estimated 300,000 full-time employees in computer science jobs worked from home in the US. Although not the largest group of remote employees in absolute numbers, that's about 8% of all programmers, which is a significantly larger share than in any other job category, and well above the average for all jobs of just under 3%. [...] Programmers not only work from home more often than other employees, when they do they are more likely to work all day at home. From 2012 to 2015, the average full-time programmer who worked from home said they spent an average of five and a half hours doing so. That's a 92% increase in the average time spent at home from 2003 to 2005, and nearly double the average for all jobs.
Canada

Canada Hid the Konami Code In Its Commemorative $10 Bill Launch (engadget.com) 78

The Bank of Canada has hidden a "Konami Code" Easter egg on its website celebrating their new $10 bank note. The Konami Code is a cheat code that appears in many Konami video games, allowing players to press a sequence of buttons on their game controller to enable the cheat. "The Bank of Canada's web team thought the Konami code [Easter egg] was a fun way to celebrate Canada's 150th anniversary of Confederation," Bank of Canada spokeswoman Josianne Menard told CTV news. Engadget reports: On top of being laden with anti-counterfeiting tech that makes it extremely difficult to copy (holograms, raised ink, color-changing images and polymer materials), the new ten is a who's who and what's what of Canadian history. It features Canada's founding Prime Minister John A. MacDonald, Agnes Macphail, first woman parliamentarian, and Indigenous peoples pioneer James Gladstone, known in his Blackfoot language as Akay-na-muka. It also shows Canada's prairies, the coastal mountains of British Columbia, the Canadian Shield, Atlantic coast, northern lights, Metis Assomption Sash, maple leaf and much more (no poutine, though). All of that is squeezed on the 152.4 x 69.85 mm note -- that's exactly 6 x 2.75 inches, because Canada uses the metric system but probably still buys its printing presses from the U.S. The Konami code is in keeping with Canada's tradition of doing cute, pop-culture things with its history.
Programming

Major Banks and Parts of Federal Gov't Still Rely On COBOL, Now Scrambling To Find IT 'Cowboys' To Keep Things Afloat (reuters.com) 300

From a report on Reuters: Bill Hinshaw is not a typical 75-year-old. He divides his time between his family -- he has 32 grandchildren and great-grandchildren -- and helping U.S. companies avert crippling computer meltdowns. Hinshaw, who got into programming in the 1960s when computers took up entire rooms and programmers used punch cards, is a member of a dwindling community of IT veterans who specialize in a vintage programming language called COBOL. The Common Business-Oriented Language was developed nearly 60 years ago and has been gradually replaced by newer, more versatile languages such as Java, C and Python. Although few universities still offer COBOL courses, the language remains crucial to businesses and institutions around the world. In the United States, the financial sector, major corporations and parts of the federal government still largely rely on it because it underpins powerful systems that were built in the 70s or 80s and never fully replaced. And here lies the problem: if something goes wrong, few people know how to fix it. The stakes are especially high for the financial industry, where an estimated $3 trillion in daily commerce flows through COBOL systems. The language underpins deposit accounts, check-clearing services, card networks, ATMs, mortgage servicing, loan ledgers and other services. The industry's aggressive push into digital banking makes it even more important to solve the COBOL dilemma. Mobile apps and other new tools are written in modern languages that need to work seamlessly with old underlying systems. That is where Hinshaw and fellow COBOL specialists come in. A few years ago, the north Texas resident planned to shutter his IT firm and retire after decades of working with financial and public institutions, but calls from former clients just kept coming.
Google

DeepMind Open Sources 'Sonnet' Library For Easier Creation Of Neural Networks (fossbytes.com) 17

"We are very excited about contributions from the community," announced Alphabet's DeepMind, open sourcing a new library to make it easier to build complex TensorFlow neural networks. An anonymous reader writes: "DeepMind foresees Sonnet to be used by the community as a research propellant," reports FossBytes. "Also, it would allow easy sharing of other models created by DeepMind with the community." Sonnet uses an object-oriented approach, a recent blog post explained, pointing to more details on GitHub. "The main principle of 'Sonnet' is to first construct Python objects which represent some part of a neural network, and then separately connect these objects into the TensorFlow computation graph."

DeepMind sees this as part of their broader commitment to open source AI research. "In recent months we've also open-sourced our flagship platform DeepMind Lab, and are currently working with Blizzard to develop an open source API that supports AI research in StarCraft II."

Programming

Eric S. Raymond Unveils New List Of 'Hacker Archetypes' (ibiblio.org) 116

An anonymous reader writes: Open source guru Eric S. Raymond has announced public brainstorming on a "gallery of hacker archetypes to help motivate newbies" by defining several different psychologies commonly found among programmers. He's unveiled an initial list developed with a friend, along with some interesting commentary. (Algorithmicists often have poor social skills and "a tendency to fail by excessive cleverness. Never let them manage anyone!")

Raymond cautions that "No hacker is only one of these" -- though apparently most of the hackers he knows appear to be two of them, "an indication that we are, even if imperfectly, zeroing in on real traits." But the blog post ends by asking "What archetypes, if any, are we missing?"

It'll be interesting to see if Slashdot readers recognize themselves in any of the archetypes. But the blog post also answers the inevitable question. What archetype is Eric S. Raymond?

"Mostly Architect with a side of Algorithmicist and a touch of Jack-of-All-Trades."
Java

Ask Slashdot: Should I Move From Java To Scala? 245

"Scala is one of the JVM languages that manages to maintain a hip and professional vibe at the same time," writes long-time Slashdot reader Qbertino -- building up to a big question: One reason for this probably being that Scala was built by people who knew what they were doing. It has been around for a few years now in a mature form and I got curious about it a few years back. My question to the Slashdot community: Is getting into Scala worthwhile from a practical/industry standpoint or is it better to just stick with Java? Have you done larger, continuous multi-year, multi-man and mission-critical applications in Scala and what are your experiences?
The original submission asks two related questions. First, "Do you have to be a CS/math genius to make sense of Scala and use it correctly?" But more importantly, "Is Scala there to stay wherever it is deployed and used in real-world scenarios, or are there pitfalls and cracks showing up that would deter you from using Scala once again?" So share your experiences and answers in the comments. Would you recommend moving from Java to Scala?
Government

Should The FBI Have Arrested 'The Hacker Who Hacked No One'? (thedailybeast.com) 227

Last week The Daily Beast ran an article about the FBI's arrest of "the hacker who hacked no one." In December they'd arrested 26-year-old Taylor Huddleston, "the author of a remote administration tool, or RAT, called NanoCore that happens to be popular with hackers." It's been "linked to intrusions in at least 10 countries," reported Kevin Poulsen, but "as Huddleston sees it, he's a victim himself -- hackers have been pirating his program for years and using it to commit crimes."

The article quotes Huddleston's lawyer, as well as a Cornell law professor who warns of the "chilling effect" of its implications on programmers. But it also says security experts who examined the software are "inherently skeptical" of Huddleston's claim that the software was intended for legal use, since that's "a common claim amongst RAT authors." Security researcher Brian Krebs also sees "a more complex and nuanced picture" after "a closer look at the government's side of the story -- as well as public postings left behind by the accused and his alleged accomplices."

Click through for the rest of the story.
Software

Uber Said To Use 'Sophisticated' Software To Defraud Drivers, Passengers (arstechnica.com) 168

A class-action lawsuit against Uber alleges that Uber has "devised a 'clever and sophisticated' scheme in which it manipulates navigation data used to determine 'upfront' rider fare prices while secretly short-changing the driver," reports Ars Technica. "When a rider uses Uber's app to hail a ride, the fare the app immediately shows to the passenger is based on a slower and longer route compared to the one displayed to the driver. The software displays a quicker, shorter route for the driver. But the rider pays the higher fee, and the driver's commission is paid from the cheaper, faster route, according to the lawsuit." From the report: This latest lawsuit (PDF) claims that Uber implemented the so-called "upfront" pricing scheme in September and informed drivers that fares are calculated on a per-mile and per-minute charge for the estimated distance and time of a ride. "However, the software that calculates the upfront price that is displayed and charged to the Users calculates the expected distance and time utilizing a route that is often longer in both distance and time to the one displayed in the driver's application," according to the suit. In the end, the rider pays a higher fee because the software calculates a longer route and displays that to the passenger. Yet the driver is paid a lower rate based on a quicker route, according to the suit. Uber keeps "the difference charged to the User and the fare reported to the driver, in addition to the service fee and booking fee disclosed to drivers," according to the suit.
Programming

Twitter To Developers: Please Love Us Again (mashable.com) 143

Twitter wants to fix its relationship with developers, it said Thursday. The company, which sold its developer platform to Google earlier this year, said moving forward it intends to be more transparent with developers and provide them with more insight. From a report: While some continue to call the end of Twitter (and others gave up on the product years ago), the company is prioritizing more tools for developers in order to grow the site. "These efforts represent a massive new engineering and product investment in the future of the Twitter API platform, and in our developer ecosystem," Andy Piper, Twitter's staff developer advocate, wrote in a blog post announcement. One of the steps involves creating an easier to use service overall. Twitter offers several developer products, including free APIs, services from data analysis group Gnip, and the enterprise-level Twitter API product. Twitter plans to simplify its offerings by releasing one way to get access to the Firehose (access to all tweets in real-time), one way to access Twitter search, and one access for account activity.
IT

More Than a Hoodie: How We Talk About Developers (medium.com) 169

An anonymous reader shares an article: For generations, movies, video games, and TV shows have portrayed the developer as either an awkward hoodie-wearing nerd, or an insane and menacing basement dweller (or both). From Ace Ventura to Silicon Valley, everyone has had their chance to portray the developer. Few actors do this with the same grace they'd reserve for a role portraying a doctor. [...] I think it's time for all of us to try and elevate our understanding of what a developer is. If you are a tech company who markets to developers, or is hoping to hire developers this is doubly true. So, how should we talk about developers? First, we should talk about how important their work is. Programming is one of the fastest growing industries in the world as it serves a role in every part of society. Developers maintain and build critical parts of our infrastructure. Second, we need to talk about the craft of what they do... we need to show more code. Every developer may use a different set of tools, but across the board their craft is evolving at increasing rates. [...] I think we can drop developer stereotypes altogether at this point. It's a job people know -- it's time to add some vitamins to that kool-aid. After all, we're just like lawyers, librarians, electricians and cab drivers... we're just people, totally unique and different people. But if there is one thing that unites us, it's a unifying desire to build new things, improve old things, learn when we can and avoid being stereotyped. It's as simple as that.
Programming

Salary-Comparing Survey Identifies Top-Paid Developers, Discovers North America Pays Better (linux.com) 267

21,000 developers were surveyed for this year's annual survey by VisionMobile -- and for the first time, they were asked about their salaries. An anonymous reader quotes Linux.com: [S]killed cloud and backend developers, as well as those who work in emerging technologies including Internet of Things, machine learning and augmented/virtual reality can make more money than frontend web and mobile developers whose skills have become more commoditized... The top 10 percent of salary earners in AR who live in North America earn a median salary of $219,000, compared with $169,000 for the top earning 10 percent of backend developers, according to the report... New, unskilled developers interested in emerging tech will have a harder time finding work, and earn less than their counterparts in more commoditized areas, due both to their lack of experience and fewer companies hiring in the early market.

Along with skill level and software sector, developer salaries also vary widely by where they live in the world. A web developer in North America earns a median income of $73,600 USD per year, compared with the same developer in Western Europe whose median income is $35,400 USD. Web developers in South Asia earn $11,700 in South Asia while those in Eastern Europe earn $20,800 per year.

For developers who want to move up in the world, VisionMobile suggests "Invest in your skills. Do difficult work. Improve your English. Look for opportunities internationally. Go for it. You deserve it!"
Mozilla

Tor Browser Will Feature More Rust Code (bleepingcomputer.com) 149

An anonymous reader writes: "The Tor Browser, a heavily modified version of the Firefox browser with many privacy-enhancing features, will include more code written in the Rust programming language," reports BleepingComputer. In a meeting held last week in Amsterdam, Tor developers decided to slowly start using Rust to replace the C++ code. The decision comes after Mozilla started shipping Rust components with Firefox in 2016. Furthermore, Rust is a memory-safe(r) language than C++, the language used for Firefox and the customized Tor code, which means fewer memory corruption errors. Fewer of these errors means better privacy for all.
"Part of our interest in using safer languages like Rust in Tor is because a tiny mistake in C could have real consequences for real people," Tor developer Isis Agora Lovecruft posted on Twitter, adding "Also the barrier to entry for contributing to large OSS projects written in C is insanely high."
Programming

Someone on Medium Just Said C++ Was Better Than C (medium.com) 315

Developer David Timothy Strauss is publishing a call to code "straightforward, easy-to-reason-about approaches" -- in an essay titled "Choosing 'Some C++' Over C". (Alternate title: "C++ for Lovers of C.") The problem with just picking C++ is that most criticism of it is legitimate. Whether it's the '90s-era obsession with object orientation and exceptions or the template errors that take up an entire terminal window, there have been -- and remain -- rough edges to C++. But, these rough edges are avoidable, unlike the problems in C that get worse with modern event and library programming. The opinionated essay calls for "adopting a subset of C++ to smooth out C's rough edges," arguing that C++ offers a better, type-safe approach for event-driven design (as well as destructors to avoid memory allocation leaks). Are there any readers who'd like to weigh in on the advantages of C versus C++?
The Internet

There's A New New JavaScript Framework (infoworld.com) 70

An anonymous reader quotes InfoWorld: Mithril, an open source JavaScript framework for single-page applications, is looking to best Facebook's React, Google's Angular, and Vue JavaScript tools in performance and ease of use. The framework is small and fast, and it provides routing and XHR (XMLHttpRequest) out of the box. Mithril also offers benefits in relative density, lead developer Leo Horie said. "It's possible to develop entire applications without resorting to other libraries, and it's not uncommon for Mithril apps to weigh a third of other apps of similar complexity." Horie said that the framework feels closer to vanilla JavaScript.

Mithril's website features a comparison to Angular, React, and Vue. Mithril, for example, offers much quicker library load times and update performance than React, and it has a better learning curve and update performance than Angular. Compared to Vue, Mithril supposedly offers better library load times and update performance.

Since its initial release, version 1.0.1 has added performance improvements in IE, while 1.1.0 added support for ES6 class components and support for closure components.
Microsoft

Microsoft Is Shutting Down CodePlex (venturebeat.com) 45

Microsoft corporate vice president Brian Harry announced in a blog post today that they are shutting down CodePlex, its service for hosting repositories of open source software. "As of this post, we've disabled the ability to create new CodePlex projects," Harry wrote. "In October, we'll set CodePlex to read-only, before shutting it down completely on December 15th, 2017." VentureBeat reports: While people will be able to download an archive of their data, Microsoft is teaming up with GitHub, which provides similar functionality for hosting code that people can collaborate on, to give users "a streamlined import experience" to migrate code and related content there. "Over the years, we've seen a lot of amazing options come and go but at this point, GitHub is the de facto place for open source sharing and most open source projects have migrated there," Harry wrote. Microsoft has been leaning in more and more to GitHub in the past few years. It moved the CNTK deep learning toolkit from CodePlex to GitHub last year. Today Microsoft's GitHub organization has more than 16,000 open source contributors, Harry wrote. And last year GitHub itself made a big deal about Microsoft's adoption of GitHub. At the same time, CodePlex has rotted. In the past month people have made commits to fewer than 350 projects, Harry wrote. GitHub is based on the Git open source version control software, which keeps track of changes by multiple people. People can move code to alternative systems like Atlassian's Bitbucket and Microsoft's Visual Studio Team Services, Harry wrote. The startup GitLab also offers hosting for open and closed source projects.

Slashvertisement: Here is SourceForge's message to CodePlex devs.


Google

Google Plans To Alter JavaScript Popups After Abuse From Tech Support Scammers (bleepingcomputer.com) 118

An anonymous reader writes: Chromium engineers are discussing plans to change how JavaScript popups work inside Chrome and other similar browsers. In a proposal published on the Google Developers portal, the Chromium team acknowledged that JavaScript popups are consistently used to harm users.

To combat this threat, Google engineers say they plan to make JavaScript modals, like the alert(), confirm(), and dialog() methods, only work on a per-tab basis, and not per-window. This change means that popups won't block users from switching and closing the tab, putting an end to any overly aggressive tactics on the part of the website's owner(s).

There is no timeline on Google's decision to move JavaScript popups to a per-tab model, but Chromium engineers have been debating this issue since July 2016 as part of Project OldSpice. A similar change was made to Safari 9.1, released this week. Apple's decision came after crooks used a bug in Safari to block users on malicious pages using popups. Crooks then tried to extort payment, posing as ransomware.

Education

Ivanka Trump To Take Coding Class With 5-Year-Old Daughter (hollywoodlife.com) 366

theodp writes: Speaking about women in STEM at a Women's History Month event at the Smithsonian National Air and Space Museum, new [unpaid] federal employee Ivanka Trump revealed she'll be taking a computer coding class with her 5-year-old daughter. "On a very personal level, as a mom I'm trying to do my part as well," Ivanka told the crowd. "My daughter Arabella and I are enrolling in a coding class this summer." Parroting supermodel Karlie Kloss (the girlfriend of Ivanka's brother-in-law), the first daughter added, "We're excited to learn this incredibly important new language together. Coding truly is the language of the future."
Android

App Store Sales For Android To Overtake Apple's iOS, Research Firm Says (sfgate.com) 53

An anonymous reader shares a report: For years, Apple's App Store, the place where people download apps for games and social networking services on their iPhones, has generated far more revenue worldwide than its Android competitors. This year, things are changing: The App Store will fall second to the amount of revenue generated by Android app distributors, predicts analytics firm App Annie. In 2017, the App Store will generate $40 billion in revenue, while Android app stores run by Google and other parties will generate $41 billion, App Annie said. That gap is expected to widen in 2021, with Android app stores generating $78 billion in revenue and Apple's App Store at $60 billion in revenue, according to App Annie's report released on Wednesday. The surge in revenue for Android comes from a growing number of consumers in China who are buying Android phones and are willing to pay for apps. In 2021, App Annie expects there to be eight Android smartphone users to every single iPhone user in China.
Oracle

Oracle Hires Global Specialists To Explore Feasibility of Buying Accenture 63

Paul Kunert writes in an exclusive report via The Register: Oracle has hired global specialists to explore the feasibility of buying multi-billion dollar consultancy Accenture, sources have told us. The database giant has engaged a team of consultants to conduct due diligence to "explore the synergies that could be created if they [Oracle] bought Accenture lock stock and barrel," one source claimed. On top of the financial considerations, the consultants are evaluating the pros and cons including the potential impact on Oracle's wider channel. "While these things have a habit of fizzling out there are some fairly serious players around the table," a contact added. Another claimed the process was at an early stage. "If buying Accenture was a 100 meter race, Oracle is at the 10 to 15 meter stage now." [T]his buy would be an immensely bold, complicated and pricey move: NYSE-listed Accenture has a market cap of $77.5 billion, and shareholders will expect a premium offer. A deal would dwarf Oracle's $10 billion buy of PeopleSoft, its $7.4 billion deal for Sun Microsystems, and more recently, the $9.3 billion splashed on Netsuite. In buying Accenture, Oracle would be taking a leaf out of the mid-noughties handbook - when HP fatefully bought EDS and IBM acquired PWC to carve out a brighter future.
