Tinder and Match have announced a new partnership with Garbo, a non-profit, female-founded background check platform. In theory, it should allow Tinder (and Match Group's other sites) to ping Garbo's database and proactively show users when it finds something they might want to be aware of. Engadget reports: If you're not familiar with Garbo, it was founded by Kathryn Kosmides, a "survivor of gender-based violence" who wanted to make it easier to find information about people you may connect with online. Garbo's platform aggregates numerous data sources to provide details on an individual, including "arrests, convictions, restraining orders, harassment, and other violent crimes." The organization's site says that often times, you don't even need a last time to find some details on an individual -- a first name and phone number will work.

As part of the deal, Garbo's platform will be available to people using Match Group apps, starting with Tinder later this year. [...] Garbo cites making ridesharing services safer as another core initiative for the non-profit in addition to working with dating services, so it wouldn't surprise us to see a similar partnership appear between Garbo and companies like Uber or Lyft -- but for now, it's starting with Tinder.

"We are uncovering better ways of developing software by doing it and helping others do it," declared the Agile Manifesto, nearly 20 years ago. "Through this work we have come to value..."

* Individuals and interactions over processes and tools
* Working software over comprehensive documentation
* Customer collaboration over contract negotiation
* Responding to change over following a plan

Today a new ZDNet article asks how far the tech industry has come in achieving the vision of its 12 principles — and why Agile is often "still just a buzzword." The challenge arises "because many come to agile as a solution or prescription, rather than starting with the philosophy that the Agile Manifesto focused on," says Bob Ritchie, VP of Software at SAIC. "Many best practices such as automated test-driven development, automated builds, deployments, and rapid feedback loops are prevalent in the industry. However, they are frequently still unmoored from the business and mission objectives due to that failure to start with why."

Still, others feel we're still nowhere near achieving the vision of the original Agile Manifesto. "Absolutely not at a large scale across enterprises," , says Brian Dawson, DevOps evangelist with CloudBees. "We are closer and more aware, but we are turning a tanker and it is slow and incremental. In start-ups, we are seeing much more of this; that is promising because they are the enterprises of the future." Agile initiatives "all too often are rolled out from, and limited to, project planning or the project management office. To support agile and DevOps transformation, agile needs to be implemented with all stakeholders."

Some organizations turn to agile "as a panacea to increase margins by cutting cost with a better, shinier development process," Ritchie cautions. "Others go even further by weaponizing popular metrics associated with agile capacity planning such as velocity and misclassifying it as a performance metric for an individual or team. In these circumstances, the promises of the manifesto are almost certainly missed as opportunities to engage and collaborate give way to finger pointing, blame, and burnout." What's missing from many agile initiatives is "ways to manage what you do based on value and outcomes, rather than on measuring effort and tasks," says Morris. "We've seen the rise of formulaic 'enterprise agile' frameworks that try to help you to manage teams in a top-down way, in ways that are based on everything on the right of the values of the Agile Manifesto. The manifesto says we value 'responding to change over following a plan,' but these frameworks give you a formula for managing plans that don't really encourage you to respond to change once you get going."

An official version of the popular 7-zip archiving program has been released for Linux for the first time. Bleeping Computer reports: Linux already had support for the 7-zip archive file format through a POSIX port called p7zip but it was maintained by a different developer. As the p7zip developer has not maintained their project for 4-5 years, 7-Zip developer Igor Pavlov decided to create a new official Linux version based on the latest 7-Zip source code. Pavlov has released 7-Zip for Linux in AMD64, ARM64, x86, and armhf versions, which users can download [via their respective links].

"These new 7-Zip binaries for Linux were linked (compiled) by GCC without -static switch. And compiled 32-bit executables (x86 and armhf) didn't work on some arm64 and amd64 systems, probably because of missing of some required .so files." "Please write here, if you have some advices how to compile and link binaries that will work in most Linux systems," Pavlov stated on his release page.

Uber and Lyft will work together to share information on US drivers and delivery people accused of physical and sexual assault to ensure those individuals are banned on both platforms, the two companies announced on Thursday in separate blog posts. Engadget reports: HireRight, a company that specializes in conducting background checks, will oversee the Industry Sharing Safety Program database. Other transportation and delivery companies in the US will have the chance to contribute and access the database as long as they adhere to the same data accuracy and privacy policies that Uber and Lyft must follow.

"We want to share this information with each other and hopefully in the near future with other companies, so that our peers in this space can be informed and make decisions for their own platforms to keep those platforms safe," Jennifer Brandenburger, Lyft's head of policy development, told NBC News. The database won't include information on victims. Additionally, the incident that landed a driver in the database will fall in broad categories.

"iCloud has had the occasional service issue, but its latest problem appears to be highly... specific," writes Engadget: Actor and author Rachel True claims iCloud has effectively locked her out of her account due to the way her last name was written. Reportedly, her Mac thought lower-case "true" was a Boolean (true or false) flag, leading the iCloud software on the computer to seize up. The problem has persisted for over six months, she said.

True said she'd spent hours talking to customer service, and that Apple hadn't stopped charging her for service. She could switch to the free tier, although she'd also lose most of her online storage if she did.
True has apparently resorted to imploring desperately in tweets to both @Apple and @AppleSupport. "Now that I a layman have explained problem to you a giant computer company, could u fix...?"

"A thing I've learned about life so far is I hate being the test case."

"When I get a dog I'm naming it Boolean Bobby Drop Tables True"

ArghBlarg (Slashdot reader #79,067) shares some research from a senior application security engineer at GitLab: Michael Henrikson describes his investigations into Go package manager "supply chain" attacks and found at least one very suspicious package, typosquatting on one of the most popular logging libraries. The imposter package phones home to an IP he alleges belongs to the Chinese company Tencent, a good case for always going over your package imports, in any language, and ensuring you're either a) auditing them regularly, or b) keeping frozen vendored copies which you can trust.
From the article: I honestly expected the list to be bigger, but I was of course happy to see that the Go ecosystem isn't completely infested (yet) with malicious typosquat packages...

It looks like the author utfave wants to know the hostname, operating system, and architecture of all the machines using their version of urfave/cli. The function extracts the system information and then calls out to the IP address 122.51.124.140 belonging to the Chinese company Shenzhen Tencent Computer Systems via HTTP with the system information added as URL parameters. While this code won't give them any access to systems, it's highly suspicious that they collect this information and the actor can quickly change this code to call back with a reverse shell if they identify a system to be valuable or interesting...

I think Go is in a better situation than other programming languages because the source of packages is always explicitly written every time they are used, but code editor automation could make typosquat attacks more likely to happen as the developer doesn't write the import paths manually as often.

InfoQ reports: Deno 1.8 recently shipped with plenty of new features, including WebGPU support, internationalization APIs, stabilized import maps, support for fetching private modules, and more. The Deno permissions API is now stable. Deno 1.8 additionally ships with TypeScript 4.2.

The release note explained the motivation behind the support for the WebGPU APIs as follows:

These days, most neural networks are defined in Python with the computation offloaded to GPUs. We believe JavaScript, instead of Python, could act as an ideal language for expressing mathematical ideas if the proper infrastructure existed. Providing WebGPU support out-of-the-box in Deno is a step in this direction. Our goal is to run Tensorflow.js on Deno, with GPU acceleration. We expect this to be achieved in the coming weeks or months.

WebGPU is an API originally proposed by Apple that exposes the GPU computation functionality available on many devices. WebGPU may provide better performance than WebGL in tasks that benefit from parallel processing — as often occurs in scientific computing, machine learning, graphics and games development...

Deno users can upgrade by running deno upgrade in a terminal.

"For a week we lost control of the Perl.com domain," a long-running site offering news and articles about the programming language, writes the site's senior editor, brian d foy.

"Now that the incident has died down, we can explain some of what happened and how we handled it." This incident only affected the domain ownership of Perl.com and there was no other compromise of community resources. This website was still there, but DNS was handing out different IP numbers...

Recovering the domain wasn't the end of the response though. While the domain was compromised, various security products had blacklisted Perl.com and some DNS servers had sinkholed it. We figured that would naturally work itself out, so we didn't immediately celebrate the return of Perl.com. We wanted it to be back for everyone. And, I think we're fully back. However, if you have problems with the domain, please raise an issue so we at least know it's not working for part of the internet.

What we think happened

This part veers into some speculation, and Perl.com wasn't the only victim. We think that there was a social engineering attack on Network Solutions, including phony documents and so on. There's no reason for Network Solutions to reveal anything to me (again, I'm not the injured party), but I did talk to other domain owners involved and this is the basic scheme they reported. John Berryhill provided some forensic work in Twitter that showed the compromise actually happened in September. The domain was transferred to the BizCN registrar in December, but the nameservers were not changed. The domain was transferred again in January to another registrar, Key Systems, GmbH. This latency period avoids immediate detection, and bouncing the domain through a couple registrars makes the recovery much harder...

Once transferred to Key Systems in late January, the new, fraudulent registrant listed the domain (along with others), on Afternic (a domain marketplace). If you had $190,000, you could have bought Perl.com. This was quickly de-listed after the The Register made inquiries.
"I think we were very fortunate here and that many people with a soft spot in their hearts for Perl did a lot of good work for us," the article notes. "All sides understood that Perl.com belonged to Tom and it was a simple matter of work to resolve it. A relatively unknown domain name might not fare as well in proving they own it..."

But again, the incident ended happily, foy writes, and "The Perl.com domain is back in the hands of Tom Christiansen and we're working on the various security updates so this doesn't happen again. The website is back to how it was and slightly shinier for the help we received."

An anonymous reader quotes a report from Ars Technica: Microsoft has released a new version of source-code editor Visual Studio Code that runs natively on Apple Silicon Macs like the MacBook Air, MacBook Pro, and Mac mini models with Apple M1 chips. The change came in Visual Studio Code 1.54 (now 1.54.1, thanks to a bug fix update), which is available as a universal 64-bit binary, as is standard for apps with Apple Silicon support. That said, Microsoft also offers downloads for x86-64 and Arm64 versions specifically, if desired.

There are no differences in features between the two versions, of course. And the non-Apple Silicon version worked just fine on M1 Macs previously via Rosetta, but Microsoft says M1 users can expect a few optimizations with the new binaries: "We are happy to announce our first release of stable Apple Silicon builds this iteration. Users on Macs with M1 chips can now use VS Code without emulation with Rosetta, and will notice better performance and longer battery life when running VS Code. Thanks to the community for self-hosting with the Insiders build and reporting issues early in the iteration." Other key features in Visual Studio Code 1.54 include the ability to retain terminal processes on window reload, performance improvements in the Windows version, product icon themes, improvements when viewing Git history timeline entries, and various accessibility improvements.

An anonymous reader quotes a report from ZDNet: Google has announced Flutter 2, a major upgrade to its framework for building user interfaces for mobile, the web and desktop. Flutter promises to allow developers to use the same codebase to build native apps for iOS, Android, Windows 10, macOS, and Linux and for the web on browsers including Chrome, Firefox, Safari or Edge. It can also be embedded in an IoT device with a screen, such as cars, TVs, and home appliances.

The move to Flutter 2 promises to benefit the over 150,000 Flutter Android apps already available on the Play Store. Every app will get a free upgrade with Flutter 2 allowing developers to target desktop and web without rewriting them. Google apps now built with Flutter include Google Pay, Stadia and Google Nest Hub among others. Flutter 2 also brings production quality support for the web, with a focus on progressive web apps (PWAs) that behave like desktop apps, single page apps, and mobile apps on the web. Google has added a new CanvasKit-powered rendering engine built with WebAssembly. For mobile web apps, in recent months it's added autofill, control over address bar URLs and routing, and PWA manifests.

For desktop browsers, it has added interactive scrollbars and keyboard shortcuts, increased the default content density in desktop modes, and added screen reader support for accessibility on Windows, macOS and ChromeOS. Google has been working with Ubuntu maker Canonical to bring Flutter to the desktop. Canonical will make Flutter the default choice for future desktop and mobile apps it creates. Microsoft is also releasing contributions to the Flutter engine that supports foldable Android devices, such as the Microsoft Surface Duo.

An anonymous reader quotes a report from Ars Technica: Over the weekend, word emerged that a hacker breached far-right social media website Gab and downloaded 70 gigabytes of data by exploiting a garden-variety security flaw known as an SQL injection. A quick review of Gab's open source code shows that the critical vulnerability -- or at least one very much like it -- was introduced by the company's chief technology officer. The change, which in the parlance of software development is known as a "git commit," was made sometime in February from the account of Fosco Marotto, a former Facebook software engineer who in November became Gab's CTO. On Monday, Gab removed the git commit from its website. Below is an image showing the February software change, as shown from a site that provides saved commit snapshots.

The commit shows a software developer using the name Fosco Marotto introducing precisely the type of rookie mistake that could lead to the kind of breach reported this weekend. Specifically, line 23 strips the code of "reject" and "filter," which are API functions that implement a programming idiom that protects against SQL injection attacks. This idiom allows programmers to compose an SQL query in a safe way that "sanitizes" the inputs that website visitors enter into search boxes and other web fields to ensure that any malicious commands are stripped out before the text is passed to backend servers. In their place, the developer added a call to the Rails function that contains the "find_by_sql" method, which accepts unsanitized inputs directly in a query string. Rails is a widely used website development toolkit.

"Sadly Rails documentation doesn't warn you about this pitfall, but if you know anything at all about using SQL databases in web applications, you'd have heard of SQL injection, and it's not hard to come across warnings that find_by_sql method is not safe," Dmitry Borodaenko, a former production engineer at Facebook who brought the commit to my attention wrote in an email. "It is not 100% confirmed that this is the vulnerability that was used in the Gab data breach, but it definitely could have been, and this code change is reverted in the most recent commit that was present in their GitLab repository before they took it offline." Ironically, Fosco in 2012 warned fellow programmers to use parameterized queries to prevent SQL injection vulnerabilities.

Microsoft today announced Power Fx, a new low-code language that "will become the standard for writing logic customization across Microsoft's own low-code Power Platform," reports TechCrunch. "[S]ince the company is open-sourcing the language, Microsoft also hopes others will implement it as well and that it will become the de facto standard for these kinds of use cases." From the report: Microsoft says the language was developed by a team led by Vijay Mital, Robin Abraham, Shon Katzenberger and Darryl Rubin. Beyond Excel, the team also took inspiration from tools and languages like Pascal, Mathematica and Miranda, a functional programming language developed in the 1980s. Microsoft plans to bring Power Fx to all of its low-code platforms, but given the focus on community, it'll start making appearances in Power Automate, Power Virtual Agents and elsewhere soon.

But the team clearly hopes that others will adopt it as well. Low-code developers will see it pop up in the formula bars of products like Power Apps Studio, but more sophisticated users will also be able to use it to go to Visual Studio Code and build more complex applications with it. As the team noted, it focused on not just making the language Excel-like but also having it behave like Excel -- or like a REPL, for you high-code programmers out there. That means formulas are declarative and instantly recalculate as developers update their code.

Results were announced this week for the fourth "official annual Python Developers Survey" of over 28,000 developers (in nearly 200 countries) conducted by the Python Software Foundation and JetBrains.

85% of the survey respondents use Python as their main programming language, InfoWorld reports: Python developers cite simplicity and ease of use as principal reasons for using the language, but they still want capabilities such as static typing and performance improvements, based on survey results released this week. Python's simple syntax, syntactic sugar, and ease of learning were the most-favored features, capturing 37% of respondents, who were asked which three features they liked the most...

Which three features would Python developers most like to see added to the language? Static typing and strict type hinting proved to be the most-desired features, with 21% of respondents, closely followed by performance improvements, with 20%. Better concurrency and parallelism came in third, with 15% saying they were their most-desired capabilities.
InfoWorld also describes some other interesting results:

• "JavaScript was the most popular language used in conjunction with Python, with about 42% of respondents using both together. 75% of web developers said they were using both Python and JavaScript."

• "Just 8% of Python developers performing data-related tasks do not use any additional languages while only 3% of web developers use only Python."

• "Use of Python 3 has grown from 75% in 2017 to 94% in 2020."

A US magistrate judge has ordered Valve to provide sales data to Apple in response to a subpoena issued amid Apple's continuing legal fight with Epic Games. From a report: In addition to some aggregate sales data for the entirety of Steam, Valve will only have to provide specific, per-title pricing and sales data for "436 specific apps that are available on both Steam and the Epic Games Store," according to the order. That's a significant decrease from the 30,000+ titles Apple for which Apple originally requested data. In resisting the subpoena, Valve argued that its Steam sales data was irrelevant to questions about the purely mobile app marketplaces at issue in the case. Refocusing the request only on games available on both Steam and the Epic Games Store makes it more directly relevant to the questions of mobile competition in the case, Judge Thomas Hixson writes in his order.

"Recall that in these related cases, [Epic] allege that Apple's 30% commission on sales through its App Store is anti-competitive and that allowing iOS apps to be sold through other stores would force Apple to reduce its commission to a more competitive level," Hixson writes in the order. "By focusing... on 436 specific games that are sold in both Steam and Epic's store, Apple seeks to take discovery into whether the availability of other stores does in fact affect commissions in the way [Epic] allege." The California judge overseeing Apple's attempts to drag Valve into an ongoing beef with Epic Games admitted that Apple "salted the Earth with subpoenas, so don't worry, it's not just you."

theodp writes: Amazon on Wednesday announced it has lined up the support of Governors and State School Superintendents from five 'key states' for a pilot that aims to reimagine the Java-based Advanced Placement Computer Science A (AP CS A) course taken by high school students for college credit. By doing so, Amazon indicated it hopes to address "the diversity gaps in today's technology workforce."

From the press release: "Amazon's signature computer science education program, Amazon Future Engineer, is trying to help close those gaps by donating $15 million to Code.org over three years. The money will support the creation of the new equity-minded curriculum and other initiatives designed to reach more students from underrepresented groups. The initiatives aim to increase student awareness of academic and career pathways in computer science as well as equip them to be successful in college-level computer science and beyond. Working together, we have our eyes set on an ambitious goal of doubling the participation of students from underrepresented groups in AP CSA within five years of the course's launch."

After CEO Jeff Bezos came under fire [PDF] last summer for the company's continued resistance to making its EEO-1 diversity regulatory filing public, Amazon finally agreed to publicly disclose its race, gender and ethnicity workforce data sometime in 2021.

RoccamOccam writes: The developers at Discord have seen success with Rust on their video encoding pipeline for Go Live and on their Elixir NIFs' server. Recently, they penned a post explaining how they have drastically improved the performance of a service by switching its implementation from Go to Rust.

From the post, "Remarkably, we had only put very basic thought into optimization as the Rust version was written. Even with just basic optimization, Rust was able to outperform the hyper hand-tuned Go version. This is a huge testament to how easy it is to write efficient programs with Rust compared to the deep dive we had to do with Go."

Ryan Dahl, creator of Node.js and Deno, gave a new interview this week to the IT outsourcing company Evrone: Evrone: You have hands-on experience with lots of programming languages: C, Rust, Ruby, JavaScript, TypeScript. Which one do you enjoy the most to work with?

Ryan: I have the most fun writing Rust these days. It has a steep learning curve and is not appropriate for many problems; but for the stuff I'm working on now it's perfect. It's a much better C++. I'm convinced that I will never start a new C++ project. Rust is beautiful in its ability to express low-level machinery with such simplicity.

JavaScript has never been my favorite language — it's just the most common language — and for that reason it is a useful way to express many ideas. I don't consider TypeScript a separate language; its beauty is that it's just marked up JavaScript. TypeScript allows one to build larger, more robust systems in JavaScript, and I'd say it's my go-to language for small everyday tasks.

With Deno we are trying to remove a lot of the complexity inherent in transpiling TypeScript code down to JavaScript with the hope this will enable more people to utilize it.

Evrone: Gradual typing was successfully added into core Python, PHP, and Ruby. What, in your opinion, is the main showstopper for adding types into JavaScript?

Ryan: Types were added to JavaScript (with TypeScript) far more successfully than has been accomplished in Python, PHP, or Ruby. TypeScript is JavaScript with types. The better question is: what is blocking the JavaScript standardization organization (TC39) from adopting TypeScript? Standardization, by design, moves slowly and carefully. They are first looking into proposing Types-As-Comments, which would allow the JavaScript runtimes to execute TypeScript syntax by ignoring the types. I think eventually TypeScript (or something like it) will be proposed as part of the JavaScript standard, but that will take time.

Evrone: As a respectable VIM user, what do you think of modern programmer editors like Visual Studio Code? Are they good enough for the old guard?

Ryan: Everyone I work with uses vscode and they love it. Probably most people should use that.

I continue to use VIM for two reasons. 1) I'm just very familiar and fast with it, I like being able to work over ssh and tmux and I enjoy the serenity of a full screen terminal. 2) It's important for software infrastructure to be text-based and accessible with simple tools. In the Java world they made the mistake of tying the IDEs too much into the worldflows of the language, creating a situation where practically one was forced to use an IDE to program Java. By using simple tooling myself, I ensure that the software I develop does not become unnecessarily reliant on IDEs. If you use grep instead of jump-to-definition too much indirection becomes intolerable. For what I do, I think this results in better software.

Today is the 30th anniversary of the Python programming language, "which has never been more popular, arguably thanks to the rise of data science and AI projects in the enterprise," writes Venture Beat.

To celebrate the historical releases file has been updated to include Guido van Rossum's original 0.9.1 beta release from 1991. (Its ReadMe file advises that Python 0.9 "can be used instead of shell, Awk or Perl scripts, to write prototypes of real applications, or as an extension language of large systems, you name it.")

And meanwhile, VentureBeat interviewed Pablo Galindo, one of the five members of the 2021 Python Steering Council and a software engineer at Bloomberg: VentureBeat: What's your current assessment of Python?

Galindo: Python is a very mature language, and it has evolved. It also has a bunch of things that it carries over. Python has some baggage that nowadays feels a bit old, but the community and the ecosystem has to be preserved. It's similar to how C and C++ are evolving right now. When you make changes to the language, it's quite dangerous [because you can] break things. That's what people are scared of the most.

But even though Python is quite old, there are big changes. The Python 3.1 release for this October will include pattern matching, which is one of the biggest syntax changes that Python has seen in a long time. We can learn from other languages. I think we're happy to say that we are still evolving and adapting. We have a good experience with respecting the importance of backwards compatibility.

VentureBeat: If you could be Python king for a day, what would you change?

Galindo: I would be a horrible King for a day. The first order of business would be to fix all these things that we have acquired over the years in the language. That would require breaking a bunch of things. Obviously, I will not do that, but I think one of the things I really would like to see in the future is for Python to become faster than it is. I think Python still has a lot of potential to become faster. I'm thinking this will be impossible. But one can dream.

VentureBeat: What do you know now about Python today that you wish you knew when you first began using it?

Galindo: I think the most important thing I learned is how many different uses there are for Python. It's important to listen to all these sorts of users when considering the evolution of the language. It's quite surprising and quite revealing to consider how changes or improvements will conflict or will interact with other users of the language.

That's something that when I started I didn't even consider. It would be good if people could be empathetic to us changing the language when we have to balance these things.

Almost exactly a year after Google announced the first developer preview of Android 11, the company today released the first developer preview of Android 12. From a report: Google delayed the roll-out of Android 11 a bit as the teams and the company's partners adjusted to working during a pandemic, but it looks like that didn't stop it from keeping Android 12 on schedule. As you would expect from an early developer preview, most of the changes here are under the hood and there's no over-the-air update yet for intrepid non-developers who want to give it a spin. Among the highlights of the release so far -- and it's important to note that Google tends to add more user-facing changes and UI updates throughout the preview cycle -- are the ability to transcode media into higher-quality formats like the AV1 image format, faster and more responsive notifications and a new feature for developers that now makes individual changes in the platform togglable so they can more easily test the compatibility of their apps. Google also promises that just like with Android 11, it'll add a Platform Stability milestone to Android 12 to give developers advance notice when final app-facing changes will occur in the development cycle of the operating system. Last year, the team hit that milestone in July when it launched its second beta release. Developers who want to get started with bringing their apps to Android 12 can do so today by flashing a device image to a Pixel device. For now, Android 12 supports the Pixel 3/3 XL, Pixel 3a/3a XL, Pixel 4/4 XL, Pixel 4a/4a 5G and Pixel 5. You can also use the system image in the Android Emulator in Google's Android Studio.

In its bid for TikTok, Oracle was supposed to prevent data from being passed to Chinese police. Instead, it's been marketing its own software for their surveillance work. From a report: Police in China's Liaoning province were sitting on mounds of data collected through invasive means: financial records, travel information, vehicle registrations, social media, and surveillance camera footage. To make sense of it all, they needed sophisticated analytic software. Enter American business computing giant Oracle, whose products could find relevant data in the police department's disparate feeds and merge it with information from ongoing investigations. So explained a China-based Oracle engineer at a developer conference at the company's California headquarters in 2018. Slides from the presentation, hosted on Oracle's website, begin with a "case outline" listing four Oracle "product[s] used" by Liaoning police to "do criminal analysis and prediction." One slide shows Oracle software enabling Liaoning police to create network graphs based on hotel registrations and track down anyone who might be linked to a given suspect.

Another shows the software being used to build a police dashboard and create "security case heat map[s]." Apparent pictures of the software interface show a blurred face and various Chinese names. The concluding slide states that the software helped police, whose datasets had been "incomprehensible," more easily "trace the key people/objects/events" and "identify potential suspect[s]" -- which in China often means dissidents. Oracle representatives have marketed the company's data analytics for use by police and security industry contractors across China, according to dozens of company documents hosted on its website. In at least two cases, the documents imply that provincial departments used the software in their operations. One is the slideshow story about Liaoning province. The other is an Oracle document describing police in Shanxi province as a "client" in need of an intelligence platform. Oracle also boasted that its data security services were used by other Chinese police entities, according to the documents -- including police in Xinjiang, the site of a genocide against Muslim Uyghurs and other ethnic groups. In marketing materials, Oracle said that its software could help police leverage information from online comments, investigation records, hotel registrations, license plate information, DNA databases, and images for facial recognition. Oracle presentations even suggested that police could use its products to combine social media activity with dedicated Chinese government databases tracking drug users and people in the entertainment industry, a group that includes sex workers. Oracle employees also promoted company technology for China's "Police Cloud," a big data platform implemented as part of the emerging surveillance state.