Programming

Code.org Hacked, Emails and Locations Data of Volunteers Compromised

An anonymous reader, allegedly quoting an email from Code.org, claims that the database of the non-profit organization has been breached: Some personal data was accessed on our web site by a firm exploiting a client-side vulnerability. Your email address and your location, if you provided it, were compromised and may have been read. The exploit was limited to engineers and others who volunteered to help in classrooms. No student or teacher accounts were impacted, nor passwords or additional information. The exploit did not give hackers access to any of our servers. Earlier this week, a volunteer engineer told us he received an unsolicited recruiting email from a technical freelancing firm in Singapore. We determined the firm was able to retrieve the volunteer's private email address by exploiting a client-side vulnerability on our volunteer map. We've since had 6 similar cases reported. We've fixed the problem, and all private data was secured against future attacks late Friday. We also inspected and secured the rest of our site from similar vulnerabilities. Code.org has confirmed to Slashdot that it has indeed suffered a breach. The non-profit separately wrote in a blog post that a Singapore-based recruiting firm had exploited a vulnerability on its website to send emails to Code.org members. Following is an email sent by the recruiting firm to Hadi Partovi, CEO, Code.org. "Sorry about this... our intention was we thought it'd be good to get them more opportunities to improve their own Computer Science skills beyond the opportunities available in their geographical boundaries / location. We've told our team to stop this with immediate effect. No one should be receiving any more e-mails from us from this point onwards. You have my word that we will delete their email addresses from our mailing lists. They should not receive any more emails from us."
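The Code.org email says only that a "client-side vulnerability" on the volunteer map exposed volunteers' private email addresses and locations; it does not say how. The example below is added here and is not Code.org's code. It assumes the usual shape of such a leak: the endpoint that feeds a map sends whole volunteer records to the browser and relies on the front end to hide the private fields, so anyone reading the raw response gets them. The record layout, field names and the coarsening of coordinates are assumptions for illustration; the point is the allowlist serializer and the regression check that scans a public payload for private fields.

```python
"""Allowlist serialization for a public volunteer map (added example).

Not Code.org's code. The record layout and field names are assumed.
"""

# Constructed sample record, shaped the way a map endpoint might store it.
VOLUNTEER = {
    "id": 4711,
    "display_name": "A. Volunteer",
    "email": "private@example.org",      # private: must never reach the browser
    "skills": ["python", "classroom"],
    "lat": 47.6205, "lng": -122.3493,    # private: exact home coordinates
    "city": "Seattle",
}

PRIVATE_FIELDS = {"email", "lat", "lng"}
PUBLIC_FIELDS = ("id", "display_name", "skills", "city")


def leaky_map_record(rec):
    """The anti-pattern: ship the whole row and let the UI hide fields.
    The hidden fields are still in the HTTP response for anyone to read."""
    return dict(rec)


def public_map_record(rec):
    """Allowlist: only named fields leave the server. Coordinates are
    rounded to ~0.1 degree so a map pin cannot be reversed to an address."""
    out = {k: rec[k] for k in PUBLIC_FIELDS if k in rec}
    out["approx_lat"] = round(rec["lat"], 1)
    out["approx_lng"] = round(rec["lng"], 1)
    return out


def find_private_leaks(payload, private=PRIVATE_FIELDS, path=""):
    """Walk a JSON-like payload (dicts/lists) and return the paths of any
    private field names it contains. Run it against every public endpoint
    response in tests so a new field cannot quietly reintroduce the leak."""
    leaks = []
    if isinstance(payload, dict):
        for key, value in payload.items():
            here = f"{path}.{key}" if path else key
            if key in private:
                leaks.append(here)
            leaks.extend(find_private_leaks(value, private, here))
    elif isinstance(payload, list):
        for i, value in enumerate(payload):
            leaks.extend(find_private_leaks(value, private, f"{path}[{i}]"))
    return leaks


if __name__ == "__main__":
    print("leaky:", find_private_leaks([leaky_map_record(VOLUNTEER)]))
    print("public:", find_private_leaks([public_map_record(VOLUNTEER)]))
```

The check is deliberately name-based and recursive: a leak that moves into a nested object or a list of pins is still caught, and the test can be pointed at a recorded response body rather than at the serializer alone.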
Oracle

2 Years Later, Java Security Still Broken By Faulty Oracle Patch

An anonymous reader writes: A faulty security patch has left Java users vulnerable to attacks for the past two years, researchers from Polish security firm Security Explorations are claiming. The issue in question is CVE-2013-5838, which was discovered and patched in October 2013. Two years later, going back over their research, the same security researchers have now discovered that Oracle had not only misclassified its impact but also botched the fix. In a Full Disclosure exposé, the researchers say that changing four characters in the company's original proof-of-concept code allowed them to exploit the flaw, despite Oracle's patch.
Movies

An Inside Look At How Netflix Builds Code (sdtimes.com)

mmoorebz writes: Netflix is known as a place to binge watch television, but behind the scenes, there's a lot that goes on before everyone's favorite show can be streamed. The first step to deploying an application or service is building. Netflix created Nebula, a set of plugins for the Gradle build system, that "help with the heavy-lifting around building applications," said the engineers. Once the code has been built and tested locally using Nebula, the team pushes the updated source code to a Git repository. Every deployment at Netflix begins with the creation of an Amazon Machine Image, and to generate them from source, Netflix created what it calls "the Bakery." It exposes an API that facilitates the creation of AMIs globally, according to the blog. When it comes time to deploy and after the "baking" is complete, teams will use Spinnaker to manage multi-region deployments, canary releases, and red/black deployments. Netflix is continuing to look at the developer experience and determine how it can improve.
Classic Games (Games)

'Serious Sam 1' Engine Released As Open Source

jones_supa writes: id Software is well known for publicly releasing the source code of its old first-person-shooter games. Now Croteam is joining the club by releasing the source code of the engine of the very first Serious Sam game. It's the very same engine that the company used for Serious Sam Classic: The First Encounter and The Second Encounter. Croteam's Vyacheslav Nikitenko, who worked on the source code and prepared Serious Engine v.1.10 for this release, had this to say: "Historically, this version of Serious Engine is very important for Croteam and for me personally. I created several mods for Serious Sam back in the day, before even starting the work on the source code, and it was a great tool for learning. And it's even better today! Obviously, Serious Engine v1.10 won't produce top-notch graphics, but the source code is very well commented, easy to modify, and there are lots of user generated mods out there. This version has everything you need to build your own game – or just experiment. If you're looking to get started, just download the files from GitHub and head over to SeriousZone, it has a great community and lots of tutorials." Happy hacking! (And here's a video with some game play that shows what this engine can do.)
Businesses

Some Root For a Tech Comeuppance In San Francisco

HughPickens.com writes: David Streitfeld writes in the NYT that cities do not usually cheer the downfall or even the diminishment of the hometown industry, but the relationship between San Francisco and the tech community has grown increasingly tense as the consequences for people who do not make their living from technology become increasingly unpleasant. "It's practically a ubiquitous sentiment here: People would like a little of the air to come out of the tech economy," says Aaron Peskin. "They're like people in a heat wave waiting for the monsoon." Signs of distress are plentiful. The Fraternite Notre Dame's soup kitchen was facing eviction after a rent increase of nearly 60 percent. Two eviction-defense groups were evicted in favor of a start-up that intended to lease the space to other start-ups. The real estate site Redfin published a widely read blog post that said the number of teachers in San Francisco who could afford a house was exactly zero. "All the renters I know are living in fear," says Derrick Tynan-Connolly. "If your landlord dies, if your landlord sells the building, if you get evicted under the Ellis Act" — a controversial law that allows landlords to reclaim a building by taking it off the rental market — "and you have to move, you're gone. There's no way you can afford to stay in San Francisco."
Security

One Solution to MITRE's Overworked CVE System: Build a New One (helpnetsecurity.com)

An anonymous reader writes: For the last 17 years, the American not-for-profit MITRE Corporation has been editing and maintaining the list of Common Vulnerabilities and Exposures (CVEs). According to a number of researchers, MITRE has lately been doing a lousy job when it comes to assigning these numbers, forcing researchers to do without them or to delay public disclosure of vulnerabilities indefinitely. The problem is getting worse by the day, and the situation has spurred Kurt Seifried, a "Red Hat Product Security Cloud guy" and a CVE Editorial Board member, to create a complementary system for numbering vulnerabilities.
GUI

A California Jury Finds Copyright Infringement In an Interface (deepchip.com)

whoever57 writes: A California jury in one of the cases between Synopsys and Atoptech found copyright infringement in Atoptech's use of the "Primetime commands". These companies compete in the field of EDA ("Electronic Design Automation") software: software that is used by semiconductor companies to design ICs. The Primetime commands are merely an interface. Atoptech has their own implementation of the functionality that these commands [provide]. This can be seen as similar to the Oracle vs. Google lawsuit, in which an appeals court has found that providing a similar interface (via header files) can constitute copyright infringement. Naturally, there will be appeals in this case.
Java

MIT Creates Algorithm That Speeds Up Page Load Time By 34% (softpedia.com)

An anonymous reader writes: MIT researchers have created an algorithm that analyzes web pages and creates dependency graphs for all network resources that need to be loaded (CSS, JS, images, etc.). The algorithm, called Polaris, will be presented this week at the USENIX Symposium on Networked Systems Design and Implementation conference, and is said to be able to cut down page load times by 34%, on average. The larger and more resources a web page contains, the better the algorithm's efficiency gets -- which should be useful on today's JavaScript-heavy sites.
Android

Google Launches Android N Developer Preview And Beta Program (engadget.com)

Google is releasing Android N Preview to developers today. The early release is meant to collect feedback sooner than usual, and even includes a new way to download the update. Instead of installing a drive image, you can participate in an Android Beta Program that installs pre-release versions over the air (as long as you have a relatively recent Nexus device or the Pixel C). The biggest attraction, by far, is a new multi-window mode, which lets you use split-screen modes on phones and tablets, and even specify minimum allowable dimensions. There's a picture-in-picture video mode, too, so you can keep watching YouTube while you message your friends. Other improvements in the preview include direct reply notifications that let you reply to a message right from an alert, iOS-style. Also, Android N optionally bundles notifications from the same app so that they don't clutter your view. Marshmallow's Doze feature has been improved to save battery life whenever the screen turns off, and coders can take advantage of Java 8 features. Google is also working to reduce the memory needs of Android via Project Svelte, allowing the Android OS to run smoothly on lower-specced devices.
Programming

Microsoft Releases First Public Preview of RTVS Under MIT and GPLv2 Licenses (microsoft.com)

shutdown -p now writes: Microsoft has released the first public preview of RTVS (R Tools for Visual Studio), an extension for Visual Studio that adds support for the R (GNU S) programming language. The product is open source, and while most of the code is under the MIT license, some components are GPLv2, in accordance with the R license. That's not the first time this week (or this year) that Microsoft's open source efforts have been front-page news; with its new role in the Eclipse Foundation, too, the company's angling toward being one of the largest open source companies around, even if that's a small part of its business model. Update: 03/09 19:03 GMT by T : Speaking of which: reader Salgak1 writes with his first submission, linking the Register's report that Microsoft has released a Debian-based Linux distro, called SONIC. "It is optimized for network switching, and apparently is a localized version of the "Azure Cloud Switch" released into the Azure cloud hosting system. Question is, is it just another Microsoft "Embrace, Extend, Extinguish" strategy in action?"
AI

1 in 3 Developers Fear AI Will Replace Them (computerworld.com)

dcblogs writes: Evans Data Corp., in a survey of 550 software developers, asked them about the most worrisome thing in their careers. A plurality, 29%, chose this answer: "I and my development efforts are replaced by artificial intelligence." Surprisingly, this concern about A.I. topped the second-most identified worry, which was that the platform the developer is working on will become obsolete (23%), or doesn't catch on (14%). Concerns about A.I. replacing software developers have academic support. A study by Oxford University, The Future of Employment, warned that the work of software engineers may soon become computerized. Machine learning advances allow design choices that can be optimized by algorithms. According to Janel Garvin, CEO of Evans Data, the thought of obsolescence due to A.I. "was also more threatening than becoming old without a pension, being stifled at work by bad management, or by seeing their skills and tools become irrelevant."
Open Source

Open Source-happy Microsoft Joins Eclipse Foundation (networkworld.com)

alphadogg writes to note that just a day after announcing it would be bringing SQL Server to Linux, "Microsoft has announced that it is joining the Eclipse Foundation, an open source community for developers launched more than 10 years ago." Microsoft, which notes that it has worked with the Eclipse Foundation for years "to improve the Java experience across our portfolio of application platform and development services," made the announcement to attendees at EclipseCon, going on in Reston, Va., this week.
Cloud

A New Reality For IT: the 18-Month Org Chart

StewBeans writes: Finding and keeping IT talent is getting increasingly competitive and expensive. A recruiter for Bay Area and Seattle tech companies said in a recent New York Times article about the cloud computing skill gap: "Someone working deep inside Amazon is getting five to 20 recruiting offers a day. Compensation has doubled in five years." Beyond steep salary and benefits packages, the resources to train new IT talent are wasted if they jump ship for the next best offer. That's why some IT executives are focusing talent management inward and investing in their current employees who are loyal and eager to learn, adapt, and grow with their company. Curt Carver, CIO for the University of Alabama at Birmingham, said that this approach led him to do away with the 10-year IT org chart and remain more agile as technology needs change. He argues that 18-month org charts and constant training are the new reality for IT, providing this example: "If you go back a couple of years ago, we were heavily involved in the storage business. Now I can buy unlimited storage from the cloud. I don't need a lot of people doing storage. In fact, I may only need one. Everybody else, I'm willing to retrain you, but you're going to be doing mobile, or you're going to be doing business intelligence, or you're going to be helping our organizations do gap analysis."
Databases

Crossword Database Analysis Spots What Looks Like Plagiarism

Seattle software developer Saul Pwanson has a hobby of developing crossword puzzles, but another related hobby, too: analyzing the way that existing puzzles have been constructed. He created a database that aggregates puzzles that have appeared in various publications, including, crucially, the New York Times and USA Today, and sorts them based on similarities. Puzzles that have a greater percentage of the same black squares, or the same letters in identical positions, are ranked as more similar. Crosswords often re-use answers; puzzle-solvers are used to encountering some of the usual glue words that connect parts of the grid. As 538 reports, though, Pwanson noticed something odd in the data: Many of the puzzles that appeared in USA Today and affiliated publications, listed under various creators' names but all published under Timothy Parker as editor, were highly similar to each other, differing in as little as four answer words. These Pwanson classifies as "shoddy" -- they seem to be about as different as test responses based on a passed-around answer sheet. These seem to shortchange readers expecting original works, but may represent no real copyright problem, since Universal Uclick holds the copyright to them all. Perhaps puzzle enthusiasts aren't surprised that a publishing syndicate economizes on crosswords with slight variations, or that horoscopes are sometimes recycled.

However, another tranche of puzzles Pwanson calls "shady": these are puzzles that bear such strong resemblance in their central clues and answers to puzzles that have appeared in the New York Times that it's very hard to accept Parker's claim that the overlap is coincidental. In one example given, for instance, the answers "Drive Up the Wall," "Get On One's Nerves," and "Rub the Wrong Way" appeared in the same order and the same position in a Parker-edited puzzle that appeared in USA Today in June 2010 as they had in a Will Shortz-edited puzzle published nine years before in the New York Times.
OS X

BorgBackup 1.0.0 Released (github.com)

An anonymous reader writes: After almost a year of development, bug fixing and cleanup, BorgBackup 1.0.0 has been released. BorgBackup is a fork of the Attic-Backup project — a deduplicating, compressing, encrypting and authenticating backup program for Linux, FreeBSD, Mac OS X and other unixoid operating systems (Windows may also work using CygWin, but that is rather experimental/unsupported). It works on 32-bit as well as on 64-bit platforms, x86/x64 and ARM CPUs (maybe as well on others, but these are the tested ones). For Linux, FreeBSD and Mac OS X, there are single-file binaries which can be just copied onto a system and contain everything needed (Python, libraries, BorgBackup itself). Of course, it can also be installed from source. BorgBackup is FOSS (BSD License) and implemented in Python 3 (91%), speed-critical parts are in C or Cython (9%).
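The submission lists four properties (deduplicating, compressing, encrypting, authenticating) without showing how they fit together or why the last one matters. The example below is an added illustration, not BorgBackup's code: a minimal chunk store that splits input with content-defined chunking so that an insertion early in a file does not invalidate the rest, keys the chunk IDs so that someone holding the repository cannot confirm guesses about its plaintext, and stores each chunk compressed, encrypted and MACed (encrypt-then-MAC), refusing to restore a chunk whose MAC fails. Borg 1.0 uses AES-256-CTR with HMAC-SHA256 for this; the Python standard library has no AES, so the keystream here is HMAC-SHA256 run in counter mode as a stand-in. The key derivation, repository layout, chunker parameters and sample data are all constructed for the example.

```python
"""Deduplicating, encrypting, authenticating chunk store (added example).

Not BorgBackup's code. Stand-ins: HMAC-SHA256 in counter mode instead of
AES-CTR; PBKDF2 with a fixed salt for key derivation; in-memory dict as
the repository. Chunker and key parameters are assumptions.
"""
import hashlib
import hmac
import os
import zlib

# --- content-defined chunking: a gear hash over the last 64 bytes -------------
_GEAR = [int.from_bytes(hashlib.sha256(bytes([i])).digest()[:8], "big") for i in range(256)]
_MASK64 = (1 << 64) - 1
MIN_CHUNK, MAX_CHUNK, CUT_BITS = 64, 4096, 9      # average chunk about 2**9 bytes


def chunk(data: bytes):
    """Yield chunks whose boundaries depend only on the surrounding bytes,
    so the same content reappearing at a different offset yields the same
    chunks (that is what makes deduplication across versions work)."""
    start, h, i = 0, 0, 0
    while i < len(data):
        h = ((h << 1) + _GEAR[data[i]]) & _MASK64
        i += 1
        size = i - start
        # Top bits of h depend on the last 64 bytes only; MIN_CHUNK >= 64
        # guarantees both streams see the same value at a shared position.
        if (size >= MIN_CHUNK and (h >> (64 - CUT_BITS)) == 0) or size >= MAX_CHUNK:
            yield data[start:i]
            start, h = i, 0
    if start < len(data):
        yield data[start:]


class Repository:
    def __init__(self, passphrase: bytes, salt: bytes = b"constructed-salt"):
        km = hashlib.pbkdf2_hmac("sha256", passphrase, salt, 100_000, dklen=96)
        self.id_key, self.enc_key, self.mac_key = km[:32], km[32:64], km[64:]
        self.store = {}                       # chunk id -> nonce || mac || ciphertext

    def chunk_id(self, plain: bytes) -> bytes:
        # Keyed ID: an attacker holding the repository cannot hash a guessed
        # plaintext and check whether it is present.
        return hmac.new(self.id_key, plain, "sha256").digest()

    def _keystream(self, nonce: bytes, n: int) -> bytes:
        out, ctr = bytearray(), 0
        while len(out) < n:                   # PRF in counter mode (AES-CTR stand-in)
            out += hmac.new(self.enc_key, nonce + ctr.to_bytes(8, "big"), "sha256").digest()
            ctr += 1
        return bytes(out[:n])

    def put(self, plain: bytes):
        """Store one chunk. Returns (id, True) if written, (id, False) if present."""
        cid = self.chunk_id(plain)
        if cid in self.store:
            return cid, False
        comp = zlib.compress(plain)
        nonce = os.urandom(16)
        ct = bytes(a ^ b for a, b in zip(comp, self._keystream(nonce, len(comp))))
        mac = hmac.new(self.mac_key, cid + nonce + ct, "sha256").digest()   # encrypt-then-MAC
        self.store[cid] = nonce + mac + ct
        return cid, True

    def verify(self, cid: bytes) -> bool:
        """True if the stored blob for cid authenticates under mac_key."""
        blob = self.store[cid]
        nonce, mac, ct = blob[:16], blob[16:48], blob[48:]
        expect = hmac.new(self.mac_key, cid + nonce + ct, "sha256").digest()
        return hmac.compare_digest(mac, expect)

    def get(self, cid: bytes) -> bytes:
        if not self.verify(cid):              # authenticate before touching ciphertext
            raise ValueError("chunk %s failed authentication" % cid.hex()[:12])
        blob = self.store[cid]
        nonce, ct = blob[:16], blob[48:]
        comp = bytes(a ^ b for a, b in zip(ct, self._keystream(nonce, len(ct))))
        return zlib.decompress(comp)

    def backup(self, data: bytes):
        """Returns (list of chunk ids in order, number of chunks newly written)."""
        ids, new = [], 0
        for c in chunk(data):
            cid, is_new = self.put(c)
            ids.append(cid)
            new += is_new
        return ids, new

    def restore(self, ids) -> bytes:
        return b"".join(self.get(cid) for cid in ids)


def constructed_sample(n: int, seed: bytes) -> bytes:
    """Deterministic pseudo-random bytes standing in for a file (constructed data)."""
    out, ctr = bytearray(), 0
    while len(out) < n:
        out += hashlib.sha256(seed + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return bytes(out[:n])


if __name__ == "__main__":
    repo = Repository(b"correct horse battery staple")
    original = constructed_sample(20000, b"file-a")
    ids, new = repo.backup(original)
    print("first backup: %d chunks, %d new" % (len(ids), new))
    ids2, new2 = repo.backup(original[:100] + b"INSERTED" + original[100:])
    print("after insertion: %d chunks, %d new" % (len(ids2), new2))
```

The order of operations in get() is the practitioner point: the MAC covers the chunk id, the nonce and the ciphertext, and is checked before any decryption or decompression runs, so a repository that has been modified (or a chunk swapped for another valid one) is reported rather than silently restored.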
Government

Hundreds of Hackers Celebrate Open Data Day (thenewstack.io)

An anonymous reader writes: Hundreds of different data-hacking events are being held around the globe this weekend to celebrate International Open Data Day. It's the fifth installment of an annual event promoting government data-sharing with a series of loosely joined hackathons, "to show support for and encourage the adoption of open data policies by the world's local, regional and national governments," according to the event's web site. "Data science is a team sport," says Megan Smith, the former Google executive turned U.S. CTO, who points out over 200,000 new federal data sets have been opened to the public since 2009 on Data.gov. Each hackathon will culminate with a demo or brainstorm proposal that can be shared with the other participating groups around the world.
Electronic Frontier Foundation

EFF On Why FBI Can't Force Apple To Sign Code (boingboing.net)

New submitter Kurast writes with this article at Boing Boing: Code is speech: critical court rulings from the early history of the Electronic Frontier Foundation held that code was a form of expressive speech, protected by the First Amendment. The EFF has just submitted an amicus brief in support of Apple in its fight against the FBI, representing 46 "technologists, researchers and cryptographers," laying out the case that the First Amendment means that Apple can't be forced to utter speech to the government's command, and they especially can't be forced to sign and endorse that speech. In a "deep dive" post, EFF's Andrew Crocker and Jamie Williams take you through the argument, step by step. (You can follow along by reading the brief itself (PDF), too.)
The Almighty Buck

Bitcoin's Nightmare Scenario Has Come To Pass

HughPickens.com writes: Ben Popper writes at The Verge that bitcoin's nightmare scenario has come to pass as the bitcoin network reached its capacity, causing transactions around the world to be massively delayed, and in some cases to fail completely. The average time to confirm a transaction has ballooned from 10 minutes to 43 minutes. Users are left confused and shops that once accepted Bitcoin are dropping out. For those who want the Bitcoin system to continue to grow and thrive, this is troubling. Merchants can't rely on digital transactions that can take minutes or hours to validate. A number of prominent voices in the Bitcoin community have been warning over the past year that the system needed to make fundamental changes to its core software code to avoid being overwhelmed by the continued growth of Bitcoin transactions. A schism has developed between the team in charge of the original codebase for Bitcoin, known as Core, and a rival faction pushing its own version of that open source code with a block size increase added in, known as Classic. "Many in the US Bitcoin community had hoped that hitting this crisis point — a network maxed out, transactions faltering — would result in closure, with miners quickly moving to adopt whichever chain proved more valuable to their economic interests," says Popper. "But so far the debate is dragging on without one side claiming a clear victory, leaving tens of thousands of consumer transactions stranded in limbo."
The Almighty Buck

$500K NSF Grant Boosted Girls' CS Participation At Obama Daughters' $37K/Yr HS

theodp writes: On Friday, a paper entitled Creative Computation in High School will be presented at SIGCSE '16. "In this paper," explain the paper's authors, "we describe the success of bringing Creative Computation via Processing into two very different high schools...providing a catalyst for significant increases in total enrollment as well as female participation in high school computer science." One of the two schools that participated in the National Science Foundation-supported project — see NSF awards 1323305 & 1323463 for Creative Computation in the Context of Art and Visual Media — was Sidwell Friends School, which a 2013 SMU news release on the three-year, $500K NSF grant noted was best known as the school attended by President Obama's daughters. Interestingly, in a late-2014 interview, the President lamented that his daughters hadn't taken to coding the way he'd like, adding that "part of what's happening is that we are not helping schools and teachers teach it in an interesting way." Hey, nothing that a $4B 'Computer Science For All' K-12 Program can't fix, right?
Open Source

Buffer Sees Clear Benefits To Transparent Employee Salary Policy

An anonymous reader writes: At social media startup Buffer, a single leadership decision eliminated salary negotiation for new employees, preempted gender-based salary discrimination, and prompted a flood of job applications. The decision? Make all employee salaries transparent. "We set down transparency as a core value for the company," CEO Joel Gascoigne said in 2014. "And then, once we'd done that, we went through everything. And salaries was one of those key things that we found that [made us] question ourselves: 'Why are we not transparent about this?'" Years later, the policy is still in place (go ahead and calculate your salary as a would-be Buffer employee) — and it presents a fascinating case study for anyone interested in the ways open organizations approach a rather prickly subject: transparency.
