An anonymous reader quotes a report from Business Insider: A new study out Tuesday in the journal Environmental Science and Technology Letters looked at a national database that monitors chemical levels in drinking water and found that 6 million people were being exposed to levels of a certain chemical that exceed what the Environmental Protection Agency considers healthy. The chemicals, known as poly- and perfluoroalkyl substances, or PFASs, are synthetic and resistant to water and oil, which is why they're used in things like pizza boxes and firefighting foam. They're built to withstand the environment. But PFASs also accumulate in people and animals and have been observationally linked to an increased risk of health problems including cancer. And they can't be easily avoided, like with a water filter, for example. You can view the chart to see the tested areas of the U.S. where PFASs exceed 70 ng/L, which is what's considered a healthy lifetime exposure.

dwheeler writes: The U.S. federal government just released a new Federal Source Code policy (PDF). For each of the next 3 years, at least 20 percent of custom-developed Federal source code is to be released as open-source software. Earlier this year, Tony Scott, Federal CIO of the U.S. government, wrote on the White House blog that the U.S. government "can save taxpayer dollars by avoiding duplicative custom software purchases and promote innovation and collaboration across Federal agencies." Today, they released the Federal Source Code policy. TechCrunch reports: "The main requirement is that any new custom source code developed 'by or for the Federal Government' has to be made available for sharing and re-use by all Federal agencies. For example, this means that the TSA can have access to custom made software that was commissioned by the FBI. Considering there is probably a great deal of overlap in applications needed by certain branches of the Federal Government, this rule alone should save the government (and taxpayers) a great deal of money. In fact, the policy states that 'ensuring Government-wide reuse rights for custom code that is developed using Federal funds has numerous benefits for American taxpayers.'"

schwit1 quotes a report from Motherboard: By itself, the ability to instantly identify anyone just by seeing their face already creates massive power imbalances, with serious implications for free speech and political protest. But more recently, researchers have demonstrated that even when faces are blurred or otherwise obscured, algorithms can be trained to identify people by matching previously-observed patterns around their head and body. In a new paper uploaded to the ArXiv pre-print server, researchers at the Max Planck Institute in Saarbrucken, Germany demonstrate a method of identifying individuals even when most of their photos are un-tagged or obscured. The researchers' system, which they call the "Faceless Recognition System," trains a neural network on a set of photos containing both obscured and visible faces, then uses that knowledge to predict the identity of obscured faces by looking for similarities in the area around a person's head and body. As for the accuracy of the system, "even when there are only 1.25 instances of the individual's fully-visible face, the system can identify an obscured face with 69.6 percent accuracy; if there are 10 instances of an individual's face, it increases to as high as 91.5 percent."

Brian Krebs reports: A Russian organized cybercrime group known for hacking into banks and retailers appears to have breached hundreds of computer systems at software giant Oracle Corp., KrebsOnSecurity has learned. More alarmingly, the attackers have compromised a customer support portal for companies using Oracle's MICROS point-of-sale credit card payment systems. Asked this weekend for comment on rumors of a large data breach potentially affecting customers of its retail division, Oracle acknowledged that it had "detected and addressed malicious code in certain legacy MICROS systems." It also said that it is asking all MICROS customers to reset their passwords for the MICROS online support portal. MICROS is among the top three point-of-sale vendors globally. Oracle's MICROS division sells point-of-sale systems used at more than 330,000 cash registers worldwide. When Oracle bought MICROS in 2014, the company said MICROS's systems were deployed at some 200,000+ food and beverage outlets, 100,000+ retail sites, and more than 30,000 hotels.

Slashdot reader DERoss writes: Effective 1 August, the U.S. Social Security Administration (SSA) requires users who want to access their SSA accounts to use two-factor authentication. This involves receiving a "security" code via a cell phone text message. This creates two problems. First of all, many seniors who depend on the Social Security benefits to pay their living costs do not have cell phones [or] are not knowledgeable about texting.

More important, cell phone texting is NOT secure. Text messages can be hacked, intercepted, and spoofed. Seniors' accounts might easily be less secure now than they were before 1 August... This is not because of any law passed by Congress. This is a regulatory decision made by top administrators at SSA.
In addition, Krebs on Security reports that the new system "does not appear to provide any additional proof that the person creating an account at ssa.gov is who they say they are" and "does little to prevent identity thieves from fraudulently creating online accounts to siphon benefits from Americans who haven't yet created accounts for themselves." Users are only more secure after they create an account on the social security site -- and Krebs also notes that ironically, the National Institute for Standards and Technology already appears to be deprecating the use of SMS-based two-factor authentication.

New submitter altnuc writes: Two thieves in Houston stole more than 30 Jeeps by using a laptop and a stolen database. The thieves simply looked up the vehicles' VIN numbers in a stolen database, reprogramed a generic key fob, started the cars, and drove away. Chrysler has confirmed that more than 100 of their vehicles have been stolen in the Houston area since November. Chrysler/Jeep owners should always make sure their vehicles are locked! The Wall Street Journal issued a report in July with more details about how hackers are able to steal cars with a laptop. The whole process takes roughly 6 minutes. CrimeStopHouston has posted a video on YouTube of one of the thieves in action.

An anonymous reader quotes a report from GeekWire: Machine learning and artificial intelligence startup Turi has been acquired by Apple in a deal characterized as a blockbuster exit for the Seattle-based company, formerly known as Dato and GraphLab, GeekWire has learned. The acquisition reflects a larger push by Apple into artificial intelligence and machine learning. It also promises to further increase the Cupertino, Calif.-based company's presence in the Seattle region, where Apple has been building an engineering outpost for the past two years. Multiple sources with knowledge of the deal confirmed that Turi has been acquired. Sources close to the deal pegged the purchase price at around $200 million, marking a huge outcome for the original investors and early shareholders. Apple's plans for Turi's technology are not clear, but the company has been making a broad push into artificial intelligence through an expansion of its Siri personal assistant and related technologies. Turi lets developers build apps with machine learning and artificial intelligence capabilities that automatically scale and tune. Its products -- which include the Turi Machine Learning Platform, GraphLab Create, Turi Distributed, and Turi Predictive Services -- are largely designed to help large and small organizations make better sense of data. Use cases include recommendation engines, fraud detection, predicting customer churn, sentiment analysis, and customer segmentation.

Dami Lee, writing for The Verge: Even if you didn't grow up in Asia, chances are you've had this ubiquitous Japanese snack before. Walk into most grocery stores in America and you'll find a box of Pocky, and in multiple flavors like strawberry and green tea if your supermarket is fancy. With over dozens of flavors and variations, there's a Pocky for all occasions! There's a Pocky for Men. Now, there's Pocky for kids, with an educational aspect. Pocky's maker, Glico, has made a game called Glicode (Like if Wilco made a coding game called Wilcode) that gets kids coding by having them arrange actual cookies and snacks, then snapping a photo to translate them into digital commands. Glico's other products like Almond Peak chocolates and Biscuit Cream Sands are also featured in the game, representing "if" and "sequence" commands, respectively. It's a lot like Apple's Swift Playgrounds, with simple programming tasks commanding a funny-looking blob to walk around on platform blocks. The app is only available on Android for now.

An anonymous reader writes from a report via Softpedia: "The hacking crew [PoodleCorp] that promised to launch DDoS attacks on the Pokemon GO servers on August 1 suffered a major setback, after someone hacked their site, dumped the database, and shared it with data breach index service LeakedSource," reports Softpedia. "PoodleCorp responded to LeakedSource's announcement with what they knew best, a DDoS attack." When that happened, LeakedSource started looking at the leaked data and discovered full names for three of PoodleCorp's members, saying they intend to share it with authorities. Soon after, PoodleCorp stopped the DDoS against LeakedSource and went to annoy Blizzard gamers. "It's a terrible idea to attack a business that knows something about virtually everybody," a LeakedSource spokesperson said.

David Heinemeier Hansson created the Ruby on Rails open-source web framework in 2003. David is also the founder and CTO of Basecamp, a project management tool that's been used by more than 15 million people. In addition, David is the best-selling author of REWORK, a book about starting and running businesses a better way. David has agreed to take some time to answer some of your questions.

Ask as many questions as you'd like, but please, one per comment. (And feel free to also leave your suggestions for who Slashdot should interview next.) We'll pick the very best questions -- and forward them on to David Heinemeier Hansson himself.

New submitter gwolf writes: The great educator, creator of the Logo programming language, and the enabler for computer education in the 1980s has passed away. Listing his contributions is impossible in an article summary, but the ACM has published a short in-memoriam note for him. Papert is, without exaggeration, one of the people I owe my career and life choices to.

Microsoft is now selling its augmented reality headset dubbed HoloLens to anyone in the United States or Canada for $3,000 a pop. Computerworld reports: Until now, HoloLens was available only to developers and companies through Microsoft sales reps, but starting Tuesday, anyone in the U.S. or Canada can buy up to five headsets online through the Microsoft Store. There was no word about availability in other countries. The HoloLens now on sale is the same developer edition that has been offered to Microsoft partners, and buyers are asked to acknowledge before completing purchase that they understand it's not a finished product intended for consumers. Microsoft also asks buyers to agree not to resell the product and acknowledge that no refunds are available. The move should expand the community of developers working to build apps and other content for the headset before a consumer version is officially available.

An anonymous reader quotes Network World: U.K.-based technology analyst firm RedMonk just released the latest version of its biannual rankings of programming languages, and once again JavaScript tops the list, followed by Java and PHP. Those are same three languages that topped RedMonk's list in January. In fact, the entire top 10 remains the same as it was it was six months ago...
Python ranked #4 on RedMonk's list, while the survey found a three-way tie for fifth place between Ruby, C#, and C++, with C coming in at #9 (ranking just below CSS). Network World argues that while change comes slowly, "if you go back deeper into RedMonk's rankings, you can see slow, ongoing ascents from languages such as Go, Swift and even TypeScript."

Interestingly, an earlier ranking by the IEEE declared C to be the top programming language of 2016, followed by Java, Python, C++, and R. But RedMonk's methodology involves studying the prevalence of each language on both Stack Overflow and GitHub, a correlation which "we believe to be predictive of future use, hence their value."

Peiter "Mudge" Zatko and his wife, Sarah, a former NSA mathematician, have started a nonprofit in the basement of their home "for testing and scoring the security of software... He says vendors are going to hate it." Slashdot reader mspohr shares an article from The Intercept: "Things like address space layout randomization [ASLR] and having a nonexecutable stack and heap and stuff like that, those are all determined by how you compiled [the source code]," says Sarah. "Those are the technologies that are really the equivalent of airbags or anti-lock brakes [in cars]..." The lab's initial research has found that Microsoft's Office suite for OS X, for example, is missing fundamental security settings because the company is using a decade-old development environment to build it, despite using a modern and secure one to build its own operating system, Mudge says. Industrial control system software, used in critical infrastructure environments like power plants and water treatment facilities, is also primarily compiled on "ancient compilers" that either don't have modern protective measures or don't have them turned on by default...

The process they use to evaluate software allows them to easily compare and contrast similar programs. Looking at three browsers, for example -- Chrome, Safari, and Firefox -- Chrome came out on top, with Firefox on the bottom. Google's Chrome developers not only used a modern build environment and enabled all the default security settings they could, Mudge says, they went "above and beyond in making things even more robust." Firefox, by contrast, "had turned off [ASLR], one of the fundamental safety features in their compilation."
The nonprofit was funded with $600,000 in funding from DARPA, the Ford Foundation, and Consumers Union, and also looks at the number of external libraries called, the number of branches in a program and the presence of high-complexity algorithms.

If any of you use mailing list archive Gmane, you would want to start looking at its alternative. Gmane developer Lars Ingebrigtsen announced Thursday that he is thinking about ending the decade-old email-to-news gateway. But first, for those unaware about Gmane, here's is what it does: It allows users to access electronic mailing lists as if they were Usenet newsgroups, and also through a variety of web interfaces. Gmane is an archive; it never expires messages (unless explicitly requested by users). Gmane also supports importing list postings made prior to a list's inclusion on the service.Ingebrigtsen said Gmane machines are under numerous DDoS attacks -- coupled with some other issues -- that have made him wonder whether it is worth the time and effort to keep Gmane ticking. He writes: I'm thinking about ending Gmane, at least as a web site. Perhaps continue running the SMTP-to-NNTP bridge? Perhaps not? I don't want to make 20-30K mailing lists start having bouncing addresses, but I could just funnel all incoming mail to /dev/null, I guess... The nice thing about a mailing list archive (with NNTP and HTTP interfaces) is that it enables software maintainers to say (whenever somebody suggests using Spiffy Collaboration Tool of the Month instead of yucky mailing lists) is "well, just read the stuff on Gmane, then". I feel like I'm letting down a generation here.As Gmane's future remains uncertain, Ingebrigtsen recommends people to have a look at Mail Archive.

Oracle announced Thursday that it has agreed to buy NetSuite for $9.3 billion, in a move to bolster its cloud-computing offerings as it races to catch up to rivals. Both companies provide applications for running a business called enterprise-resource-planning software. Bloomberg reports: Oracle, which sells software to big corporations, has been trying to shift more sales to cloud-based products increasingly demanded by its customers. New cloud services made up about 8 percent of the company's total sales during its fiscal fourth-quarter. Buying NetSuite -- whose products include customer relationship management software -- will help Oracle compete against the likes of Salesforce.com Inc. and Microsoft Corp. "Oracle and NetSuite cloud applications are complementary, and will coexist in the marketplace forever," said Oracle co-Chief Executive Officer Mark Hurd in a statement Thursday. "We intend to invest heavily in both products -- engineering and distribution."

IEEE Spectrum, a highly regarded magazine edited by the Institute of Electrical and Electronics Engineers, has released its annual programming languages list, sharing with the world how several languages fared against each other. To assess the languages the publication says it worked with a data journalist and looked into 10 online sources -- including social chatter, open-source code production, and job postings. The publication has rated C as the top programming language this year, followed by Java, Python, C++, and R. From their article:After two years in second place, C has finally edged out Java for the top spot. Staying in the top five, Python has swapped places with C++ to take the No. 3 position, and C# has fallen out of the top five to be replaced with R. R is following its momentum from previous years, as part of a positive trend in general for modern big-data languages that Diakopoulos analyses in more detail here. Google and Apple are also making their presence felt, with Google's Go just beating out Apple's Swift for inclusion in the Top Ten. Still, Swift's rise is impressive, as it's jumped five positions to 11th place since last year, when it first entered the rankings. Several other languages also debuted last year, a marked difference from this year, with no new languages entering the rankings.The publication has explained in detail the different metrics it uses to evaluate a language.

An anonymous reader writes from a report via Softpedia: "The European Commission is proposing the creation of a database that will hold information on users of virtual currencies," reports Softpedia. "The database will record data on the user's real world identity, along with all associated wallet addresses." The database will be made available to financial investigation agencies in order to track down users behind suspicious operations. The creation of this database is part of a regulatory push that the EU got rolling after the Paris November 2015 terror attacks, and which it officially put forward in February 2016, and later approved at the start of July 2016. Legally, this is an attempt to reform the Anti-Money Laundering Directive (AMLD). The current draft is available here. The current AMLD draft reads: "The report shall be accompanied, if necessary, by appropriate proposals, including, where appropriate, with respect to virtual currencies, empowerments to set-up and maintain a central database registering users' identities and wallet addresses accessible to FIUs, as well as self-declaration forms for the use of virtual currency users."

Reader joshtops writes: Facebook needs you to fill its News Feed, Oculus Rift, and Gear VR with 360 content. So today it put all the hardware and software designs of its Surround 360 camera on Github after announcing the plan in April. Thanks to cheeky instruction manual inspired by Ikea's manuals, you can learn how to buy the parts, assemble the camera, load the image-stitching software, and start shooting 360 content. Essentially 17 cameras on a UFO-looking stick, the 360 Surround camera can be built for about $30,000 in parts. The 4-megapixel lenses can shoot 4K, 6K, or 8K 360 video, and fisheye lenses on the top and bottom remove the blindspots. Facebook forced a random engineer to try to build the 360 Surround from the open source instructions, and found it took about four hours.FastCompany has more details.

An anonymous reader writes from The Register: Vine, the six-second-video-loop app acquired by Twitter in 2012, had its source code made publicly available by a bounty-hunter for everyone to see. The Register reports: "According to this post by @avicoder (Vjex at GitHub), Vine's source code was for a while available on what was supposed to be a private Docker registry. While docker.vineapp.com, hosted at Amazon, wasn't meant to be available, @avicoder found he was able to download images with a simple pull request. After that it's all too easy: the docker pull https://docker.vineapp.com:443/library/vinewww request loaded the code, and he could then open the Docker image and run it. 'I was able to see the entire source code of Vine, its API keys and third party keys and secrets. Even running the image without any parameter, [it] was letting me host a replica of Vine locally.' The code included 'API keys, third party keys and secrets,' he writes. Twitter's bounty program paid out -- $10,080 -- and the problem was fixed in March (within five minutes of him demonstrating the issue)."