WikiLeaks said on Twitter earlier today that it wants to publish the private information of hundreds of thousands of verified Twitter users. The group said an online database would include such sensitive details as family relationships and finances. USA Today reports: "We are thinking of making an online database with all 'verified' twitter accounts [and] their family/job/financial/housing relationships," the WikiLeaks Task Force account tweeted Friday. The account then tweeted: "We are looking for clear discrete (father/shareholding/party membership) variables that can be put into our AI software. Other suggestions?" Wikileaks told journalist Kevin Collier on Twitter that the organization wants to "develop a metric to understand influence networks based on proximity graphs." Twitter bans the use of Twitter data for "surveillance purposes." In a statement, Twitter said: "Posting another person's private and confidential information is a violation of the Twitter rules." Twitter declined to say how many of its users have verified accounts but the Verified Twitter account which follows verified accounts currently follows 237,000. Verified accounts confirm the identity of the person tweeting by displaying a blue check mark. Twitter says it verifies an account when "it is determined to be an account of public interest." Twitter launched the feature in 2009 after celebrities complained about people impersonating them on the social media service.

From a report on Neowin: A few months ago, Microsoft announced that it was shuttering its TechRewards program in 2017. The project, that was originally started by Nokia under the name DVLUP rewards program, aimed to reward developers with badges, XP, gift cards and other prizes for developing or incorporating new features in their apps. When Microsoft acquired Nokia's devices and services division back in 2014, the program was rebranded to Microsoft TechRewards. Today, Microsoft has formally shut down the TechRewards program.

Senior Program Manager at Microsoft has responded to speculations that Command Prompt is going away. He writes: The Cmd shell remains an essential part of Windows, and is used daily by millions of businesses, developers, and IT Pro's around the world. In fact:
1. Much of the automated system that builds and tests Windows itself is a collection of many Cmd scripts that have been created over many years, without which we couldn't build Windows itself!
2. Cmd is one of the most frequently run executables on Windows with a similar number of daily launches as File Explorer, Edge and Internet Explorer!
3. Many of our customers and partners are totally dependent on Cmd, and all its quirks, for their companies" existence!
In short: Cmd is an absolutely vital feature of Windows and, until there's almost nobody running Cmd scripts or tools, Cmd will remain within Windows.

Apple said Thursday its App Store generated $20 billion for developers in 2016, a 40 percent increase from 2015, helped by the popularity of games such as Pokemon Go and Super Mario Run and increased revenue from subscriptions. From a report on CNBC: "2016 was an amazingly great year for the App Store," Philip Schiller, Apple's senior vice president of worldwide marketing, told CNBC. "We continue to advance what is available for developers to create. And our catalog of apps grew 20 percent to 2.2 million." Schiller said the biggest drivers for the App Store included games such as "Pokemon Go," which was the most downloaded app in 2016; "Super Mario," which was the most downloaded app on Christmas and New Year's days; and subscription-based apps, such as Netflix, Hulu and Time Warner's HBO Go. The tech giant said its biggest day of sales on the App Store was on Jan. 1, 2017, when customers spent a record $240 million. The top grossing markets included the U.S, U.K., Japan and China, which saw 90 percent year-over-year growth.

An employee at Forza Horizon 3 developer Playground Games accidentally green-lighted the wrong update file for PC players, who found themselves downloading a whopping 53GB download that turned out to be an unencrypted future build (.37.2) of the entire game intended for developers. Motherboard reports: Naturally, players who'd managed to download it yesterday had a field day leaking the information within, right down to massive posts on Imgur showing all the new cars and forum threads detailing the Porsches thought to come in an future unannounced pack. Since Forza Horizon 3 requires a constant online connection and works off of a constantly refreshing save file, anyone who played the new patch on PC found themselves slapped with an error saying their Forza profiles were no longer available. Playing it with the new build would thus effectively mean starting a new game from scratch, even if they'd dumped dozens of hours into Forza Horizon 3 since its release last September. But starting over is exactly what players shouldn't have done. The best thing they could do was shut down the game, walk away, and wait for a fix. "PC players who completed the download of .37.2 and then started a new game save will have a corrupted saved game," wrote Brian Ekberg, Forza's community manager, in a forum post. "Avoid creating a new saved game on .37.2, and only play on .35.2 to avoid this issue. As long as you have an existing save and have not created a new one on .37.2, your saved game will work correctly once the update is available."

An anonymous reader writes: "An attacker going by the name of Harak1r1 is hijacking unprotected MongoDB databases, stealing and replacing their content, and asking for a 0.2 Bitcoin ($200) ransom to return the data," reports Bleeping Computer. According to John Matherly, Shodan founder, over 1,800 MongoDB databases have had their content replaced with a table called WARNING that contains the ransom note. Spotted by security researcher Victor Gevers, these databases are MongoDB instances that feature no administrator password and are exposed to external connections from the internet. Database owners in China have been hit, while Bleeping Computer and MacKeeper have confirmed other infections, one which hit a prominent U.S. healthcare organization and blocked access to over 200,000 user records. These attacks are somewhat similar to attacks on Redis servers in 2016, when an unknown attacker had hijacked and installed the Fairware ransomware on hundreds of Linux servers running Redis DB. The two series of attacks don't appear to be related.

An anonymous reader writes: Chuck Finley checked out 2,361 books from a Florida library in just nine months, increasing their total circulation by 3.9%. But he doesn't exist. "The fictional character was concocted by two employees at the library, complete with a false address and driver's license number," according to the Orlando Sentinel. The department overseeing the library acknowledges their general rule is "if something isn't circulated in one to two years, it's typically weeded out of circulation." So the fake patron scheme was concocted by a library assistant working with the library's branch supervisor, who "said he wanted to avoid having to later repurchase books purged from the shelf." But according to the newspaper the branch supervisor "said the same thing is being done at other libraries, too."

Slashdot reader horrido shares an article that "has done more for Smalltalk advocacy than any other article in memory." It was the second-most popular article of the year on the Hewlett Packard Enterprise site TechBeacon (recently passing 20,000 views), with Richard Eng, the founder of the nonprofit Smalltalk Renaissance, arguing that the 44-year-old language is much more than a tool for teachers -- and not just because Amber Smalltalk transpiles to JavaScript for front-end web programming. It's a superlative prototyping language for startups. It's an industrial-strength enterprise language used by businesses both big and small all around the globe... Smalltalk's implementation of the object-oriented paradigm is so excellent that it has influenced an entire generation of OO languages, such as Objective-C, Python, Ruby, CLOS, PHP 5, Perl 6, Erlang, Groovy, Scala, Dart, Swift, and so on. By learning Smalltalk, you'll understand how all of those useful features in today's OO languages came to be.
The article also argues that Smalltalk pioneered just-in-time compilation and virtual machines, the model-view-controller design paradigm, and to a large extent, even test-driven development. But most importantly, Smalltalk's reliance on domain-specific languages makes it "the 'purest' OO, and one of the earliest... It is often said that programming in Smalltalk or Python is rather like Zen; your mind just flows effortlessly with the task. This is the beauty and value of language simplicity, and Smalltalk has this in spades... Smalltalk, by virtue of its object purity and consistency, will give you a profoundly better understanding of object-oriented programming and how to use it to its best effect."

An anonymous reader writes: Remember that story about how women "get pull requests accepted more (except when you know they're women)." The study actually showed that men also had their code accepted more often when their gender wasn't known, according to Tech In Asia -- and more importantly, the lower acceptance rates (for both men and women) applied mostly to code submitters from outside the GitHub community. "Among insiders, there's no evidence of discrimination against women. In fact, the reverse is true: women who are on the inside and whose genders are easy to discern get more of their code approved, and to a statistically significant degree."

Eight months after the story ran, the BBC finally re-wrote their original headline ("Women write better code, study suggests") and added the crucial detail that acceptance rates for women fell "if they were not regulars on the service and were identified by their gender."

An anonymous reader quotes a report from International Business Times: According to a report from ProPublica, the world's largest social network knows far more about its users than just what they do online. What Facebook can't glean from a user's activity, it's getting from third-party data brokers. ProPublica found the social network is purchasing additional information including personal income, where a person eats out and how many credit cards they keep. That data all comes separate from the unique identifiers that Facebook generates for its users based on interests and online behavior. A separate investigation by ProPublica in which the publication asked users to report categories of interest Facebook assigned to them generated more than 52,000 attributes. The data Facebook pays for from other brokers to round out user profiles isn't disclosed by the company beyond a note that it gets information "from a few different sources." Those sources, according to ProPublica, come from commercial data brokers who have access to information about people that isn't linked directly to online behavior. The social network doesn't disclose those sources because the information isn't collected by Facebook and is publicly available. Facebook does provide a page in its help center that details how to get removed from the lists held by third-party data brokers. However, the process isn't particularly easy. In the case of the Oracle-owned Datalogix, users who want off the list have to send a written request and a copy of a government-issued identification in the mail to Oracle's chief privacy officer. Another data collecting service, Acxiom, requires users provide the last four digits of their social security number to see the information the company has gathered about them.

An anonymous reader quotes a report from ZDNet: Nevada's state government website has leaked the personal data on over 11,700 applicants for dispensing medical marijuana in the state. Each application, eight pages in length, includes the person's full name, home address, citizenship, and even their weight and height, race, and eye and hair color. The applications also include the applicant's citizenship, their driving license number (where applicable), and social security number. Security researcher Justin Shafer found the bug in the state's website portal, allowing anyone with the right web address to access and enumerate the thousands of applications. Though the medical marijuana portal can be found with a crafted Google search query, we're not publishing the web address out of caution until the bug is fixed. A spokesperson for the Nevada Dept. Health and Human Services, which runs the medical marijuana application program, told ZDNet that the website has been pulled offline to limit the vulnerability. The spokesperson added that the leaked data was a "portion" of one of several databases.

An anonymous reader writes from a report via BleepingComputer: A security flaw discovered in a common PHP class allows knowledgeable attackers to execute code on a website that uses a vulnerable version of the script, which in turn can allow an attacker to take control over the underlying server. The vulnerable library is PHPMailer, a PHP script that allows developers to automate the task of sending emails using PHP code, also included with WordPress, Drupal, Joomla, and more. The vulnerability was fixed on Christmas with the release of PHPMailer version 5.2.18. Nevertheless, despite the presence of a patched version, it will take some time for the security update to propagate. Judging by past incidents, millions of sites will never be updated, leaving a large chunk of the Internet open to attacks. Even though the security researcher who discovered the flaw didn't publish any in-depth details about his findings, someone reverse-engineered the PHPMailer patch and published their own exploit code online, allowing others to automate attacks using this flaw, which is largely still unpatched due to the holiday season.

Long-time Slashdot reader kruhft brings news about a new S-Expression based language transpiler that has the feel of C. This structure allows for the creation of code generation macros using the full power of the host Common Lisp environment, a language designed for operating on S-Expressions, also known as Lists. It is unknown exactly what power might come about from this combination of low level processing with high level code generation.
This has prompted some discussion online about other attempts to convert Lisp to C -- raising several more questions. How (and why) would you convert your Lisp code into C, and what would then be the best uses for this capability?

On Friday, more than a year after Python 3.5, core developers Elvis Pranskevichus and Yury Selivanov announced the release of version 3.6. An anonymous reader writes: InfoWorld describes the changes as async in more places, speed and memory usage improvements, and pluggable support for JITs, tracers, and debuggers. "Python 3.6 also provides support for DTrace and SystemTap, brings a secrets module to the standard library [to generate authentication tokens], introduces new string and number formats, and adds type annotations for variables. It also gives us easier methods to customize the creation of subclasses."
You can read Slashdot's interview with Python creator Guido van Rossum from 2013. I also remember an interview this July where Perl creator Larry Wall called Python "a pretty okay first language, with a tendency towards style enforcement, monoculture, and group-think...more interested in giving you one adequate way to do something than it is in giving you a workshop that you, the programmer, get to choose the best tool from." Anyone want to share their thoughts today about the future of Python?

Reader Trailrunner7 writes: Apple has pushed back a deadline for developers to support a key transport security technology in apps submitted to the company's app stores. Officials said at the Apple Worldwide Developers Conference earlier this year that developers would have to support Apple Transport Security by the end of 2016. But on Thursday, the company announced that it has decided to extend the deadline indefinitely. ATS is Apple's collection of transport security standards designed to provide attack resistance for data that's sent between iOS and macOS apps and backend servers. It requires apps to support a number of modern transport security technologies, including TLS 1.2, AES-128 or stronger, and certificates must be signed using SHA-2. ATS also requires the use of forward secrecy, a key-exchange method that protects encrypted sessions even if the server certificate is compromised at some point in the future.

In a press release, Crytek, the developer behind hits such as the Crysis and Far Cry shooters, announced that it will be closing five of its studios in an effort to "refocus on its core strengths." The only studios remaining will be Crytek's Frankfurt, Germany and Kiev, Ukraine locations. Polygon reports: Other than Crytek's Frankfurt headquarters and Kiev studio, which develops free-to-play shooter Warface, the company held offices in Budapest, Hungary; Sofia, Bulgaria; Seoul, Korea; Shanghai, China; and Istanbul, Turkey. Crytek's co-founder and managing director, Avni Yerli, said in the release that the "changes are part of the essential steps we are taking to ensure Crytek is a healthy and sustainable business moving forward that can continue to attract and nurture our industry's top talent. The reasons for this have been communicated internally along the way. "Our focus now lies entirely on the core strengths that have always defined Crytek -- world-class developers, state-of-the-art technology and innovative game development, and we believe that going through this challenging process will make us a more agile, viable, and attractive studio, primed for future success," he added. The studio will now focus on its CryEngine technology, which is used by many other developers and licensors. Crytek said it will also continue to "develop and work on premium IPs."

Java SE is free, but Java SE Suite and various flavors of Java SE Advanced are not, and now Oracle "is massively ramping up audits of Java customers it claims are in breach of its licenses," reports the Register. Oracle bought Java with Sun Microsystems in 2010 but only now is its License Management Services division chasing down people for payment, we are told by people familiar with the matter. The database giant is understood to have hired 20 individuals globally this year, whose sole job is the pursuit of businesses in breach of their Java licenses... Huge sums of money are at stake, with customers on the hook for multiple tens and hundreds of thousands of dollars.
Slashdot reader rsilvergun writes, "Oracle had previously sued Google for the use of Java in Android but had lost that case. While that case is being appealed, it remains to be seen if the latest push to monetize Java is a response to that loss or part of a broader strategy on Oracle's part." The Register interviewed the head of an independent license management service who says Oracle's even targeting its own partners now.

But after acquiring Sun in 2010, why did Oracle's License Management Services wait a full six years? "It is believed to have taken that long for LMS to devise audit methodologies and to build a detailed knowledge of customers' Java estates on which to proceed."

"As companies tighten their purse strings, they're spreading out their hires -- this year, and for years to come," reports Backchannel, citing interviews with executives and other workplace analysts. mirandakatz writes: Once a cost-cutting strategy, remote offices are becoming the new normal: from GitHub to Mozilla and Wordpress, more and more companies are eschewing the physical office in favor of systems that allow employees to live out their wanderlust. As workplaces increasingly go remote, they're adopting tools to keep employees connected and socially fulfilled -- as Mozilla Chief of Staff David Slater tells Backchannel, "The wiki becomes the water cooler."
The article describes budget-conscious startups realizing they can cut their overhead and choose from talent located anywhere in the world. And one group of analysts calculated that the number of telecommuting workers doubled between 2005 and 2014, reporting that now "75% of employees who work from home earn over $65,000 per year, putting them in the upper 80th percentile of all employees, home or office-based." Are Slashdot's readers seeing a surge in telecommuting? And does anybody have any good stories about the digital nomad lifestyle?

msm1267 quotes ThreatPost: The amount of insecure software tied to reused third-party libraries and lingering in applications long after patches have been deployed is staggering. It's a habitual problem perpetuated by developers failing to vet third-party code for vulnerabilities, and some repositories taking a hands-off approach with the code they host. This scenario allows attackers to target one overlooked component flaw used in millions of applications instead of focusing on a single application security vulnerability.

The real-world consequences have been demonstrated in the past few years with the Heartbleed vulnerability in OpenSSL, Shellshock in GNU Bash, and a deserialization vulnerability exploited in a recent high-profile attack against the San Francisco Municipal Transportation Agency. These are three instances where developers reuse libraries and frameworks that contain unpatched flaws in production applications... According to security experts, the problem is two-fold. On one hand, developers use reliable code that at a later date is found to have a vulnerability. Second, insecure code is used by a developer who doesn't exercise due diligence on the software libraries used in their project.
That seems like a one-sided take, so I'm curious what Slashdot readers think. Does code reuse endanger secure software development?

Though not much popular outside the technology circles, GitHub is very popular among coders around the world. The startup operates a sort of Google Docs for programmers, giving them a place to store, share and collaborate on their work. But GitHub is losing money through profligate spending and has stood by as new entrants emerged in a software category it essentially gave birth to, according to people familiar with the business and financial paperwork reviewed by Bloomberg. From the report: The rise of GitHub has captivated venture capitalists. Sequoia Capital led a $250 million investment in mid-2015. But GitHub management may have been a little too eager to spend the new money. The company paid to send employees jetting across the globe to Amsterdam, London, New York and elsewhere. More costly, it doubled headcount to 600 over the course of about 18 months. GitHub lost $27 million in the fiscal year that ended in January 2016, according to an income statement seen by Bloomberg. It generated $95 million in revenue during that period, the internal financial document says. The income statement shows a loss of $66 million in the first three quarters of this year. That's more than twice as much lost in any nine-month time frame by Twilio Inc., another maker of software tools founded the same year as GitHub. At least a dozen members of GitHub's leadership team have left since last year.