msm1267 quotes a report from Threatpost: Three dozen global enterprises have been breached by attackers who exploited a single, mitigated vulnerability in SAP business applications. The attacks were carried out between 2013 and are ongoing against large organizations owned by corporations in the United States, United Kingdom, Germany, China, India, Japan, and South Korea, spanning 15 critical industries, researchers at Onapsis said today. [The DHS-sponsored CERT at the Software Engineering Institute at Carnegie Mellon University also published an alert this morning, the first in its history for SAP applications.] The severity of these attacks is high and should put other organizations on notice that are running critical business processes and data through SAP Java apps. The issue lies in the Invoker Servlet, which is part of the standard J2EE specification and enables developers to test custom Java applications. When it is enabled, developers and users can call these servlets over the Internet directly without authentication or authorization controls. Attackers, however, can take advantage of this same functionality to exploit these business critical systems.

An anonymous reader has shared an interesting article that talks about one of the most common challenges faced by novice developers: "I know how to program, but I don't know what to program." The author of the article also shares his views on some of the most common solutions for that problem: "do programming challenges", "contribute to an open source project", or "make a game." From the post: Doing programming challenges is good mental practice, but they do little to help someone learn how to create a new program. Contributing to an open source project is a step up. You might learn about how a real project is structured and improve your skill with the programming language, but you won't learn much about the full lifecycle of a project. Some projects are very complex too which can be intimidating for a novice. Making a game is another step up. Games are fun! I started by programming games in QBASIC. The same dilemma arises though. "I want to make a game, but I don't know what to make." The author advises these beginners to try rewriting a library which already exists (despite this being considered as a prohibited practice by many). Developers should also not wait to get the "best idea" before they begin writing it, the author adds. From the post: I've seen the same mentality with musicians. Trying to create a masterpiece on their first attempt, putting all their energy into one song and not seeing a bigger picture. The bigger picture being, you will write LOTS of songs over time, not just one!

HughPickens.com writes: More than one million Americans live with Type 1 diabetes, an autoimmune condition in which the pancreas stops producing insulin, a hormone needed to turn sugar into energy. Now Kate Linebaugh writes at the WSJ that Jason Calabrese, a software engineer, followed instructions that had been shared online to hack an old insulin pump so it could automatically dose the hormone in response to his son's blood-sugar levels. The Calabreses aren't alone. More than 50 people have soldered, tinkered and written software to make such devices for themselves or their children. Initially, Calabrese worried about the safety of the do-it-yourself project. He built it over two months, and spent weeks testing. At first, he only tried it out on his son on weekends and at night. Once it performed well enough, he said it felt irresponsible not to use it on his 9-year-old son. "Diabetes is dangerous anyway. Insulin is dangerous. I think what we are doing is actually improving that and lowering the risk," says Calabrese. The home-built project that the Calabreses followed is known as OpenAPS. The only restriction of the project is users have to put the system together on their own. As long as the people tinkering with their insulin pumps aren't selling or distributing them, the FDA doesn't have a legal means to stop it. The system involves an outdated insulin pump that communicates with a small radio stick connected to a continuous glucose monitor, a computer motherboard and a battery pack. It is an outgrowth of another open-source project where caregivers developed software to remotely monitor blood-sugar levels. The size of the homemade system varies, and the one that Calabrese carries has come down from the size of a small shoebox to that of a headphone case. He wears his insulin pump and glucose monitor on his belt. "It is clearly for people who have some expertise in computer programming," says Bruce Buckingham. "What it shows is that people are anxious to get something going."

In late April, it was reported there would be a huge new 'Panama Papers' data dump on May 9th. The report did not disappoint as today the Panama Papers affair has widened, with a huge database of documents relating to more than 200,000 offshore accounts posted online. The database can be accessed at offshoreleaks.icij.org. The papers were leaked by a source known as "Jony Doe," and the papers belonged to the Panama-based law firm Mossack Fonseca. The International Consortium of Investigative Journalists (ICIJ) decided to make the database public despite a "cease and desist" order issued by the law firm.

Slashdot reader smugfunt shares a blog post from systems scientist George Mobus: "There is a fundamental language of systems that provides a way to describe both structures and functions that is universal across any kind of system... I am nearing completion of the basic specification of the language and will be presenting my results at the next ISSS conference in Boulder CO this July... This language, which I formally call SL, but privately call "systemese", is like the machine language of the universe. Any system you choose to analyze and model can be described in this language...!

The beauty of the approach is that the end product of analysis is a compilable program that is the model of the system. The language does not just cover dynamics (e.g. system dynamics), or agents (agent-based), or evolutionary (e.g., genetic algorithms) models. It incorporates all of the above plus real adaptivity and learning (e.g. biological-like), and real evolvability (as when species or corporations evolve in complex non-stationary environments)... Systemese and mentalese (the language of thought), a concept advanced by philosopher of mind Jerry Fodor, are basically one in the same! That is, our brains, at a subconscious level, use systemese to construct our models of how the world works.

Slashdot reader RockDoctor brings an update on a project to build Babbage's Analytical Engine: Between 1822 and 1847, Charles Babbage worked on a number of designs for general-purpose programmable computing engines, some parts of which were built during his lifetime and after. Since 2011 a group under the name of "Plan-28" have been working towards building a full version of the machine known as the Analytical Engine. (The group's name refers to the series of Babbage's plans which they are working to -- versions 1 to 27 obviously having problems.) This week, they've released some updates on progress on their blog. Significant progress includes working on the machine's "internal microcode" (in today's terminology; remember, this is a machine of brass cogs and punched cards!) [and] archive work to bring the Science Museum's material into a releasable form (the material is already scanned, but the metadata is causing eyestrain). "One of the difficulties in understanding the designs is the need to reverse engineer logical function from mechanical drawings of mechanisms -- this without textual explanation of purpose or intention..." Progress is slow, but real.

Last year marked the bicentennial of Ada Lovelace, who wrote programs for the Analytical Engine and it's predecessor, the Difference Engine, and whose position as "the world's first programmer" is celebrated in the name of the programming language Ada.

An anonymous reader quotes a report from SlashGear: NASA has released a bunch of patents for its technologies so that anyone can use them. A total of 56 'formerly-patented' technologies developed by the government are now available in the public domain, meaning they can be used for commercial purposes in an unrestricted manner. To make it easier to find these technologies and others like them, NASA has also created a new searchable database that links the public to thousands of the agency's now-expired patents. According to NASA, the patents it has released may have non-aerospace applications that could help companies with commercial projects underway. Of the 56 formerly-patented technologies, users will find things like methods of propulsion, thrusters, rocket nozzles, advanced manufacturing processes, and more. NASA is "encouraging entrepreneurs to explore new ways to commercial NASA technologies," says NASA executive Daniel Lockney. Here's a direct link to search the database to your heart's content.

An anonymous reader quotes a report from The Guardian: The whistleblower behind the Panama Papers broke their silence on Friday to explain in detail how the injustices of offshore tax havens drove them to the biggest data leak in history. The source, whose identity and gender remain a secret, denied being a spy. The whistleblower said the leak of 11.5m documents from the Panamanian law firm Mossack Fonseca had triggered a "new, encouraging global debate," thanks to the publication last month of stories by an international consortium of newspapers, including the Guardian. The source gave Suddeutsche Zeitung leaked documents from Mossack Fonseca's internal database in real time installments. The papers included details of the beneficial owners of offshore companies, passport copies, and emails. The source said they decided to act after understanding the "scale of the injustices" the documents described. Mossack Fonseca denies wrongdoing and says its operations in Panama and elsewhere are "beyond reproach." Intriguingly, the source said they originally offered the documents to "several major media outlets." Editors reviewed the Panama Papers but in the end "chose not to cover them," they alleged. It is unclear which media organizations declined the material. The anonymous whistleblower also approached WikiLeaks -- again without success. "Even WikiLeaks didn't answer its tip line repeatedly," the source complained, adding: "The media has failed." The source used the name "John Doe" when they approached Germany's Suddeutsche Zeitung newspaper.

prisoninmate writes: Today is the last day of the Ubuntu Online Summit 2016, and the Ubuntu developers discussed the future of the Ubuntu Desktop for Ubuntu 16.10 (Yakkety Yak) and beyond. It looks like Snaps (Snappy) and Unity 8 with Mir are slowly conquering the Ubuntu Desktop, at least according to Canonical's Will Cooke, Ubuntu Desktop Manager. Work has already begun on pushing these new and modern technologies to the Ubuntu Desktop, as Ubuntu 16.04 LTS has just received support for installing Snaps from the Ubuntu Snappy Store. Canonical's Will Cooke has mentioned the fact that the Unity 7 desktop enters its twilight years, which means that it gets fewer features and it's being reduced to only critical and OEM work. This is because Unity 8 desktop is getting all the attention now, and it will become the default desktop session somewhere after Ubuntu 16.10 (Yakkety Yak).

Donald Robertson, writing for Free Software Foundation: Proprietary JavaScript is a threat to all users on the Web. When minified, the code can hide all sorts of nasty items, like spyware and other security risks. [...] On March 1st, 2016, the Copyright Office announced a call for comments on an update to their technology infrastructure. We submitted a comment urging them to institute a policy that requires all software they develop and distribute to be free software. Further, we also urged them to not require people to run proprietary software in order to communicate or submit comments to them. Unfortunately, once again, the Copyright Office requires the use of proprietary JavaScript in order to submit the comment and they are only accepting comments online unless a person lacks computer or Internet access. [...] The most absurd part of all this is that other government agencies, while still using Regulations.gov, are perfectly capable of offering alternatives to submission.

An anonymous reader writes: Facebook has paid $10,000 to a 10-year-old hacker who discovered how one could hack into Instagram and delete comments made by users. Speaking to local publication Iltalehti, Jani said: "I would have been able to eliminate anyone, even Justin Bieber." The Finnish hacker just became the youngest person to receive cash from Facebook for hacking its products. The previous record was set by a 13-year-old back in 2013. What's funny is Jani isn't technically old enough to sign-up and use Facebook or Instagram, as it's supposed to be restricted to those under the age of 13. Jani found he could alter code on Instagram's servers and force-delete users' posts. This was confirmed by Facebook using a test account and patched in February, Facebook told Forbes. Facebook has received more than 2,400 valid submissions and awarded upwards of $4.3 million to over 800 researchers since the bounty program launched in 2011.

An anonymous reader writes: Though many would say Prince changed the world through his music, the artist also took a hands-on approach to changing the world beyond music. The global superstar was the inspiration behind YesWeCode, an Oakland nonprofit, which works to help young people from minority backgrounds enter the tech world. The idea for the program came from a conversation between Prince and his friend Van Jones, who heads Rebuild the Dream charity, following the 2012 shooting of teenager Travoyn Martin. "Prince said, 'A black kid wearing a hoodie might be seen as a thug. A white kid wearing a hoodie might be seen as a Silicon Valley genius. Let's teach the black kids how to be like Mark Zuckerberg.'" Jones told CNN. The program is aiming to teach 100,000 low-income non-white teenagers how to write code, and was launched at the 20th Anniversary Essence Festival in New Orleans in 2014.

An anonymous reader writes from a report published on Tech Times: China has developed the world's first graphene electronic paper that can possibly revolutionize the screen displays on electronic gadgets such as wearable devices and e-readers. Developed by Guangzhou OED Technologies in partnership with another company in the Chongqing Province, the material is also the world's lightest and strongest material in prevalence today. It's 0.335 nanometers thick and can be used to create hard or flexible graphene displays. Graphene e-paper comes with the capability to conduct both heat and electricity, and it can supposedly enhance optical displays to a brighter level, owing to its high-light transmittance properties. What about cost? Since it's derived from carbon, graphene-based e-papers can be easily produced cost-effectively. Traditional e-papers use indium metal for their display, which is very expensive and rare to source.

An anonymous reader writes: Humble Bundle announced a special "pay what you want" sale for four ebooks from No Starch Press, with proceeds going to the Electronic Frontier Foundation (or to the charity of your choice). This "hacker edition" sale includes two relatively new titles from 2015 -- "Automate the Boring Stuff with Python" and Violet Blue's "Smart Girl's Guide to Privacy," as well as "Hacking the Xbox: An Introduction to Reverse Engineering" by Andrew "bunnie" Huang, and "The Linux Command Line".

Hackers who are willing to pay "more than the average" -- currently $14.87 -- can also unlock a set of five more books, which includes "The Maker's Guide to the Zombie Apocalypse: Defend Your Base with Simple Circuits, Arduino, and Raspberry Pi". (This level also includes "Bitcoin for the Befuddled" and "Designing BSD Rootkits: An Introduction to Kernel Hacking".) And at the $15 level -- just 13 cents more -- four additional books are unlocked. "Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software" is available at this level, as well as "Hacking: The Art of Exploitation" and "Black Hat Python."
Nice to see they've already sold 28,506 bundles, which are DRM-free and available in PDF, EPUB, and MOBI format. (I still remember Slashdot's 2012 interview with Make magazine's Andrew "bunnie" Huang, who Samzenpus described as "one of the most famous hardware and software hackers in the world.")

the_newsbeagle writes: More than 2.5 exabytes of data is created every day, and some experts estimate that 90% of all data in the world today was created in the last two years. Clearly, storing all this data is becoming an issue. One idea is DNA data storage, in which digital files are converted into the genetic code of four nucleotides (As, Cs, Gs, and Ts). Microsoft just announced that it's testing out this idea, getting synthetic bio company Twist Bioscience to produce 10 million strands of DNA that encode some mystery file the company provided. Using DNA for long-term data storage is attractive because it's durable and efficient. For example, scientists can read the genome from a woolly mammoth hair dating from 20,000 years ago.

An anonymous reader writes: HTC today announced the Vive X accelerator program through which the company will invest from it's newly created $100 million VR fund. The fund aims to kickstart the VR ecosystem in support of the company's Vive VR headset. Applications for the accelerator program, which will open first in Beijing, Taipei, and San Francisco, are open today. The company says their aim is to "help cultivate, and grow the global VR ecosystem by supporting startups and providing them with expertise, special access to advanced VR technology, financial investment, mentorship and unmatched go-to-market support."

An anonymous reader quotes a report on Buzzfeed: There's trouble afoot inside the Emoji Council of Elders, or, at the very least, signs of a low-simmering schism that's being referred to by some of its participants -- perhaps with less humor than one might expect -- as "Emojigeddon." A series of frustrated emails show a deepening rift between those who adhere to the organization's original mission to code old and obscure and minority languages and those who are investing time and resources toward Unicode's newer and most popular character sets: emojis. From the article: "The correspondence offers a peek behind the scenes of the peculiar and little-known organization that's unexpectedly been tasked with building what some see as the first digital universal language." What are your thoughts of emojis? Have you embraced and intertwined them into your digital language or are you unconvinced of their ability to transcribe any kind of deep understanding?

dmleonard618 writes: The JavaScript runtime Node.js has reached version 6.0, and unlike version 5.0 this version will receive Long Term Support (LTS). LTS is meant to provide the release with long-term stability, reliability, performance and security. The LTS will begin in October. The current LTS release will go into maintenance mode and will only receive bug, security and documentation updates. Version 5.0 of Node.js will continue to be maintained for a few more months. The latest version features improved module loading, 96% of ECMAScript 2015 features, as well as reliability and security enhancements. "The Node.js Project has done an incredible job of bringing this version to life in the timeline that we initially proposed in September 2015," said Mikeal Rogers, community manager for the Node.js Foundation. "It's important for us to continue to deliver new versions of Node.js equipped with all the cutting-edge JavaScript features to serve the needs of developers and to continue to improve the performance and stability enterprises rely on."

snydeq writes: InfoWorld's Dan Tynan offers an inside look at how high-tech software vendors such as Adobe, Oracle, and IBM play hardball over software licensing, pushing customers to "true up" to the tune of billions of dollars per year -- and using the threat of audits as a sales tool to close lucrative deals. "When it comes to software audits, the code of omerta prevails," Tynan writes. "It's not a question of whether your organizations' software licenses will get audited. It's only a question of when, how often, and how painful the audits will be. The shakedown is such a sure thing that nearly every customer we contacted asked us to keep their names out of this story, lest it make their employers a target for future audits."

The online programming school Tech Rocket just published a new interview with Guido van Rossum, the creator of Python. "Looking back I don't think I ever really doubted Python, and I always had fun," he tells the site. "I had a lot of doubts about myself, but Python's ever-increasing success, and encouragement from people to whom I looked up (even Larry Wall!), made me forget that."

He describes what it's like being Python's Benevolent Dictator for Life, and says that the most astonishing thing he's seen built with Python is "probaby the Dropbox server. Two million lines of code and counting, and it serves hundreds of millions of users." And he leaves aspiring programmers with this advice. "Don't do something you don't enjoy just because it looks lucrative -- that's where the competition will be fiercest, and because you don't enjoy it, you'll lose out to others who are more motivated."