On Thursday long-time Slashdot reader PuceBaboon wrote: Ars Technica is reporting a new attack on unprotected databases which, to date, has deleted all content from over 1,000 ElasticSearch and MongoDB databases across the 'net, leaving the calling-card "meow" in its place.

Most people are likely to find this a lot less amusing than a kitty video, so if you have a database instance on a cloud machine, now would be a good time to verify that it is password protected by something other than the default, install password...
From the article: The attack first came to the attention of researcher Bob Diachenko on Tuesday, when he discovered a database that stored user details of the UFO VPN had been destroyed. UFO VPN had already been in the news that day because the world-readable database exposed a wealth of sensitive user information... Besides amounting to a serious privacy breach, the database was at odds with the Hong Kong-based UFO's promise to keep no logs. The VPN provider responded by moving the database to a different location but once again failed to secure it properly. Shortly after, the Meow attack wiped it out.
"Attacks have continued and are getting closer to 4,000," reports Bleeping Computer. "A new search on Saturday using Shodan shows that more than 3,800 databases have entry names matching a 'meow' attack. More than 97% of them are Elastic and MongoDB."

When asked for the most efficient way to sort a million 32-bit integers in 2008, then-presidential candidate Barack Obama answered, "I think the bubble sort would be the wrong way to go."

But people are still searching for the best possible sorting algorithms, explains Slashdot reader scandum: Long has the conviction been held that quicksort is faster than merge sort. Timsort (derived from merge sort and insertion sort) was introduced in 2002 and while slower than quicksort for random data, Timsort performs better on ordered data.

Quadsort (derived from merge sort) was introduced in 2020 and is faster than quicksort for random data, and slightly faster than Timsort on ordered data.

Also of notice is the significant performance difference on small arrays, quadsort is on average two times faster than Timsort on data sets between 10 and 1000 elements. Quadsort achieves this performance through several optimizations spread out over 1500 lines of code that get the maximum performance out of merge sort.
Quadsort's GitHub page explains: After the first round of sorting a single if check determines if the four swap variables are sorted in order, if that's the case the swap finishes up immediately. Next it checks if the swap variables are sorted in reverse-order, if that's the case the sort finishes up immediately. If both checks fail...two checks remain to determine the final order.

An anonymous reader quotes a report from BuzzFeed News: On July 19, genealogy enthusiasts who use the website GEDmatch to upload their DNA information and find relatives to fill in their family trees got an unpleasant surprise. Suddenly, more than a million DNA profiles that had been hidden from cops using the site to find partial matches to crime scene DNA were available for police to search. The news has undermined efforts by Verogen, the forensic genetics company that purchased GEDmatch last December, to convince users that it would protect their privacy while pursuing a business based on using genetic genealogy to help solve violent crimes.

A second alarm came on July 21, when MyHeritage, a genealogy website based in Israel, announced that some of its users had been subjected to a phishing attack to obtain their log-in details for the site -- apparently targeting email addresses obtained in the attack on GEDmatch just two days before. In a statement emailed to BuzzFeed News and posted on Facebook, Verogen explained that the sudden unmasking of GEDmatch profiles that were supposed to be hidden from law enforcement was "orchestrated through a sophisticated attack on one of our servers via an existing user account." "As a result of this breach, all user permissions were reset, making all profiles visible to all users. This was the case for approximately 3 hours," the statement said. "During this time, users who did not opt in for law enforcement matching were available for law enforcement matching and, conversely, all law enforcement profiles were made visible to GEDmatch users." It's unclear whether any unauthorized profiles were searched by law enforcement.

Apple has announced that it will send special devices that make it easier to find flaws and vulnerabilities in its mobile operating system iOS to iPhone hackers that apply and qualify for a program the company announced last year. From a report: The program might make some hackers less likely to engage in the underground market for stolen prototype iPhones hackers currently use to research iPhone security, and encourage them to share their findings with Apple. In a new website published on Wednesday, Apple wrote that the program "features an iPhone dedicated exclusively to security research, with unique code execution and containment policies." It's called the Security Research Device Program. Security researchers can apply for it starting today and Apple told Motherboard that if they qualify they will receive the devices soon. Apple doesn't have a goal in terms of how many of these devices it wants to send out, and all you need to qualify is having a public track record of security research, not only on iPhone but also on other popular devices and software like Android phones, Windows, or Linux.

Ahead of an antitrust hearing on Capitol Hill next week, Apple is fighting back against the perception that its App Store charges onerous commission rates to developer by hiring economists from the firm Analysis Group, who said the tech giant's fees were similar to competitors. From a report: The research, published Wednesday, collected commission rates reported on or disclosed by app stores from Amazon, Google, Microsoft, Samsung and others. The company's economists also studied ticket resale marketplaces, game stores and ride-hailing apps. Overall, the economists said the commissions charged were similar, though stores generally offered different features for consumers and developers. "The commission rates charged by digital marketplaces most similar to the App Store, such as other app stores and video game digital marketplaces, are generally around 30%," the economists wrote in study [PDF]. The economists also broadly defended these commission rates, saying this system "lower the barriers to entry for small sellers and developers by minimizing upfront payments, and reinforce the marketplace's incentive to promote matches that generate high long-term value." The economists didn't look into whether the fees stifle innovation or are fair, concerns developers have raised.

An anonymous reader writes: A rare 1944 four-rotor M4 Enigma cipher machine, considered one of the hardest challenges for the Allies to decrypt, has sold at a Christie's auction for $437,955. As noted by Christie's, the M4 Enigma has a special place in computing history as the Allied efforts to break its encryption led to the development of the first programmable computer, the one developed at Bletchley Park that was used to secretly break the M4, giving Allied forces visibility into German naval planning during the Battle of the Atlantic until its surrender in mid-1945.

The M4 Enigmas are considered rare because they were made in smaller numbers than three-rotor machines. After Germany capitulated, the country ordered troops to destroy remaining Enigmas in order to keep them from Allied forces. After the war Winston Churchill also ordered all remaining Enigmas destroyed to help preserve the secret of Allied decoding successes at Bletchley. The M4 Enigmas were made on the order of Admiral Karl Donitz, the commander of the German U-boat fleet, who had concerns over repeated Allied successes against his submarines. The M4 became available to the U-boat fleet in May 1941, preventing Allies from knowing where German's U-boats were positioned for almost a year until Turing and Joe Desch in Dayton, Ohio developed the computer that broke M4 encryption to decipher German messages. By mid-1943 the majority of M4 Enigma messages were being read by the Allies, but it was not until the 1970s that knowledge of the Allied successes against the Enigma was made public. "Rival auction house Sotheby's sold an M4 Enigma last year for $800,000, which may have reached a higher selling price because it was one of one of 15 Enigma machines found in a bunker at Germany's key Northern European naval base in Trondheim, Norway, which Germany had occupied since 1940," adds ZDNet.

An anonymous reader quotes The Register: People applying for software engineering positions at companies are often asked to solve problems on a whiteboard, under the watchful eye of an interviewer, as a way to assess technical problem solving skills. But recent research suggests that whiteboard technical tests — so daunting to job seekers that there are books on how to deal with them — often fail to assess technical skill, according to new research. Instead, they're all about pressure.

In a paper to be presented later this year at the ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering, researchers from North Carolina State University and Microsoft in the U.S. argue that whiteboard sessions test for stage fright rather than, y'know, coding competency... "A technical interview has an uncanny resemblance to the Trier Social Stress Test, a procedure used for decades by psychologists and is the best known 'gold standard' procedure for the sole purpose of reliably inducing stress." As a consequence, whiteboard interviews may fail to assess coder competency. Rather, the researchers argue, they measure how well job candidates handle anxiety....

In essence, social anxiety took otherwise qualified job candidates out of the running because of the circumstances of the interview.

An intriguing exchange happened on the Linux Kernel Mailing List after a post by Nick Desaulniers, a Google software engineer working on compiling the Linux Kernel with Clang (and LLVM). Hackaday reports: Nick simply tested the waters for a possible future of Rust within the Linux kernel code base, which is something he's planning to bring up for discussion in this year's Linux Plumbers Conference — the annual kernel developer gathering. [Desaulniers thinks that discussion will include "a larger question of 'should we do this?' or 'how might we place limits on where this can be used?'"]

The interesting part is Linus Torvalds's response on the LKML thread, which leaves everyone hoping for a hearty signature Rust rant akin to his C++ one disappointed. Instead, his main concern is that a soft and optional introduction of the support in the build system would leave possible bugs hidden, and therefore should be automatically enabled if a Rust compiler is present — essentially implying that he seems otherwise on board.
Linus also touched on Rust earlier this month in his keynote interview with Dirk Hohndel, the chief open source officer at VMware, during the special virtual edition of the Linux Foundation's annual Open Source Summit and Embedded Linux Conference North America: Dirk Hohndel: Every new project is done in Go or Rust or another new language I've never heard of. Is there a risk that we are becoming the COBOL programmers of the 2030s?

Linus Torvalds: Well, I don't actually think it's true that nobody writes in C any more. I think C is still one of the top 10 languages easily, if you look at any of the statistics.

That said — I mean, people are actively looking at, especially doing drivers and things that are not very central to the kernel itself, and having interfaces to do those, for example, in Rust. People have been looking at that for years now. I'm convinced it's going to happen one day.

I mean, it might not be Rust, but it is going to happen that we will have different models for writing these kinds of things. And C won't be the only one. I mean right now, it's C or assembly, and most people would rather not touch the assembly parts. [Dirk laughs] But it is something that people are looking at. I'm probably the wrong person. Greg has been more involved, since he's the driver maintainer in general. But things are afoot, and these things take a long, long time. I mean, the kind of infrastructure you need to start integrating other languages into a kernel, and making people trust these other languages — that's a big step.

New submitter kimmmos shares a report from BetaNews: An unprotected database belonging to the VPN service UFO VPN was exposed online for more than two weeks. Contained within the database were more than 20 million logs including user passwords stored in plain text. User of both UFO VPN free and paid services are affected by the data breach which was discovered by the security research team at Comparitech. Despite the Hong Kong-based VPN provider claiming to have a "strict no-logs policy" and that any data collected is anonymized, Comparitech says that "based on the contents of the database, users' information does not appear to be anonymous at all." A total of 894GB of data was exposed, and the API access records and user logs included: Account passwords in plain text; VPN session secrets and tokens; IP addresses of both user devices and the VPN servers they connected to; Connection timestamps; Geo-tags; Device and OS characteristics; and URLs that appear to be domains from which advertisements are injected into free users' web browsers. Comparitech notes that this runs counter to UFO VPN's privacy policy.

Microsoft-owned GitHub has finally moved its snapshot of all active public repositories on the site to a vault in Norway. ZDNet reports: GiHub announced the archiving plan last November and on February 20 followed through with the 21 terabyte snapshot written to 186 reels of film. GitHub cancelled plans for a team to "personally escort the world's open-source code to the Arctic" due to the coronavirus pandemic, leaving the job to local partners who received the boxed films and deposited them in an old coal mine on July 8. The archive is being stored in Svalbard, Norway, a group of islands that's also home to the global seed bank.

"The code landed in Longyearbyen, a town of a few thousand people on Svalbard, where our boxes were met by a local logistics company and taken into intermediate secure storage overnight," said Julia Metcalf, director of strategic programs at GitHub. "The next morning, it traveled to the decommissioned coal mine set in the mountain, and then to a chamber deep inside hundreds of meters of permafrost, where the code now resides fulfilling their mission of preserving the world's open-source code for over 1,000 years." The repository includes public code repositories and significant dormant repos. The snapshot consists of the HEAD of the default branch of each repository, minus any binaries larger than 100kB in size. Each repository is then packaged as a single TAR file, and for efficiency's sake, most of the data will be stored as QR codes. A human-readable index and guide will itemize the location of each repository and explain how to recover the data.

Cambridge Engineering alumnus Hal Evans has built a fully-functioning replica of a 1930s Polish cyclometer -- an electromechanical cryptologic device that was designed to assist in the decryption of German Enigma ciphertext. The replica currently resides in King's College, Cambridge. TechXplore reports: Work on the hardware-based replica began in 2018, as part of Hal's fourth year Master's project under the supervision of King's College Fellow and Senior Tutor Dr. Tim Flack. The aim was to investigate further into cryptologist Marian Rejewski's cyclometer -- an early forerunner to Cambridge University mathematician Alan Turing's machine, known as the Bombe, which was used to crack the German Enigma code during the Second World War. Hal said he chose to work on the cyclometer as it was the very first machine used to assist the decryption effort. To his knowledge, the replica is the first fully-functioning hardware-based electromechanical cyclometer to exist since the years preceding the Second World War. The original machines would have been destroyed in 1939 to prevent them from falling into the hands of German invaders.

Rejewski's cyclometer exploited the German's procedure at the time of double encipherment of the Enigma message key, and semi-automated the process for calculating what were known as 'characteristics' for every possible Enigma rotor starting position. There were more than 100,000 of these rotor starting positions, and they each needed their characteristic to be calculated and catalogued in a card index system. The cyclometer therefore eliminated the arduous task of calculating these characteristics by hand. The machine consisted of, in effect, two interlinked Enigma systems side-by-side -- one offset by three positions relative to the other -- and 26 lamps and switches to cover the alphabet. On operation, a certain number of bulbs illuminated, indicating the lengths of the characteristics. These were recorded for every single possible rotor starting position to create an immense look-up catalogue. Once this was completed, obtaining the daily Enigma rotor starting settings to decode messages was a simple matter of intercepting enough messages and referencing the catalogue, taking only a matter of minutes.

Today I learned that Microsoft "has been providing support for the development and building of the PHP programming language on Windows," according to Bleeping Computer. "This support includes developing security patches for PHP and creating native Windows builds."

But that's going to change: Microsoft has announced that it will not offer support in 'any capacity' for PHP for Windows 8.0 when it is released... To add some clarity to Microsoft PHP Windows Lead Dale Hirt's post, PHP Release Manager Sara Golemon posted to Reddit explaining that this does not mean PHP 8.0 will not be supported in Windows. It just means that Microsoft will not be the one building and supporting it. "For some possibly missing context, Microsoft runs https://windows.php.net and produces all the official builds of PHP for Windows... This message means Microsoft aren't going to produce official builds for PHP 8 onwards. This message does NOT mean that nobody will."

Microsoft has not stated why they will no longer support PHP 8.0, but it could be due to the extensive PHP support already existing in the Windows Subsystem for Linux (WSL). Microsoft has been actively developing WSL, which allows users to install various Linux distributions that run directly in Windows 10.

As these distributions already support PHP 7.4 and will support PHP 8.0 when released, Microsoft may see it as unnecessary to continue supporting a native PHP build in Windows.

The R programming language is experiencing a surge in popularity "in the slipstream of Python," according to this month's TIOBE index, leaping into the top ten.

"For historical context, we wrote of R's spot in TIOBE nearly two years ago, and it had just made the leap from #50 to #39," writes programming columnist Mike Melanson.

ZDNet writes: In May, when R crashed out of the top 20 for the first time in three years, Tiobe speculated that the language could be a victim of consolidation in statistical programming, with more developers in the field gravitating towards Python.
But there's been a lot of motion since then, Tech Republic reports: R rose one space to eighth place in July, but its comparison to 2019 is where the real surprise lies: It was in 20th place at the same time last year. TIOBE CEO Paul Jansen cites two reasons why R may be increasing in popularity:

- Universities and research institutes have moved away from commercial statistical languages like SAS and Stata in favor of open source languages Python and R.

- The increase in analytics being used to search for a COVID-19 vaccine....

The largest gainers in popularity between July 2019 and July 2020 are Go, which jumped from 16th to 12th place, Perl, jumping from No. 19 to No. 14, Scratch, jumping from No. 30 to No. 17, Rust, which moved from No. 33 to No. 18, and PL/SQL, which moved from No. 23 to No. 19.

Ruby fell the most, moving from 11th place to 16th, while SQL, MATLAB, and Assembly Language also slipped down the list.
ZDNet adds that "Besides R's upwards shift, Tiobe's July index doesn't show much movement in the popularity of the top languages. The top 10 in descending order are C, Java, Python, C++, C#, Visual Basic, JavaScript, R, PHP and Swift."

Visual Studio magazine argues that the biggest surprise may be that the 29-year-old language classic Visual Basic is still in the top 20 — since its last stable release was 22 years ago, and by 2008 it was finally retired by Microsoft. "VB6 just refuses to go away, achieving cult-like status among a group of hard-core supporters."

"Other terms are more inclusive and precise," reads a merged Pull request for the Rust programming language titled "Avoid 'whitelist'."

"This doesn't look like it affects any 'user visible' flags or anything like that," core developer Niko Matsakis had pointed out in a comment on the pull request, asking "It's purely internal...?"

The pull request has since been merged.

theodp writes: From the Home Office in Cupertino: "Apple today announced a new set of tools to help educators teach coding to students from grade school to college. In addition to significant enhancements to the Develop in Swift and Everyone Can Code curricula, Apple is also starting a new professional learning course for Develop in Swift, available to educators at no cost. The course is designed to supplement the need for computer science educators in the US, and helps instructors of all skill levels build foundational knowledge to teach app development with Swift. In addition, with many institutions operating remotely, Apple is adding resources for educators and parents to help ensure they have the tools they need to help students learn and grow from anywhere. [...] To support parents with kids learning to code at home, Apple is adding a new guide to its set of remote learning resources. 'A Quick Start to Code' is now available and features 10 coding challenges designed for learners ages 10 and up, on iPad or Mac. [...] In 2016, Apple launched Everyone Can Code, a comprehensive program and curriculum to help students of all abilities, from kindergarten to college, learn coding to solve problems and prepare them for the workforce. Develop in Swift was released in 2019, and today more than 9,000 K-12 and higher education institutions worldwide are using the Everyone Can Code and Develop in Swift curricula from Apple."

Back in 2018, Apple CEO Tim Cook claimed that most students shunned programming before Apple introduced Swift "because coding languages were 'too geeky.'" As Apple introduced Swift in 2016, Cook called for requiring all children to start coding in 4th grade (9-10 years old), which Cook reiterated to President Trump in a 2017 White House meeting with tech titans.

John Gruber, writing at DaringFireball: Feel free to file Google's release this week of an update to their iPad Gmail app with support for split-screen multitasking under "better late than never," but this is so late it borders on the absurd. It's like the difference between showing up fashionably late and showing up a week after the party. Split-screen multitasking was introduced for the iPad back in 2015 with iOS 9. Five years to add support for a foundational element of the iPad user experience. And an email client is near the top of the list of the type of apps where someone would want to use split-screen. Five years. Google makes a lot of software with terrible user experiences for users who have poor taste. Their iOS software, in particular, has for the most part never suggested that it was designed by people who like -- or even use -- iOS. It's the blind leading the blind. But yet the Gmail app is currently the number one free app in the Productivity category in the App Store.

On the surface, it's tempting to blow this off. To each their own. Whatever floats their boat. Who cares if millions of iPad users are satisfied using an email client that is a poor iPad app, so long as actual good iPad email clients are available to those who do care? But what about those stuck using the Gmail app not because they want to, but because they have to? Who can help them but Apple? I worry that it's not tenable in the long run to expect Apple to continue striving to create well-crafted -- let alone insanely great -- software when so many of its users not only settle for, but perhaps even prefer, software that is, to put it kindly, garbage. There have always been popular Mac and iPhone apps that are objectively terrible apps -- where by "popular" I mean much-used, not much-loved. But what made Apple users Apple users is that they complained vociferously if they had to use a terrible app. Word 6 was a sack of dog shit Microsoft dropped off and set aflame on Mac users' porch, but we all knew it was a flaming bag of dog shit, and even those of us who didn't even use Word were angry about it because it was an insult.

I worry that this sort of "Who cares, it's better than nothing" attitude has seeped into Apple itself, and explains how we wound up with barely modified iPad apps shipping as system apps on the Mac. But more than anything I worry that this exemplifies where Apple has lost its way with the App Store. What exactly is the point of running a strict approval process for apps if not, first and foremost, to ensure that they're good apps? An iPad email app that doesn't support split-screen multitasking for five years is, by definition, not a good app. I'd like to see all the vim, vigor, and vigilance Apple applies to making sure no app on the App Store is making a dime without Apple getting three cents applied instead to making sure there aren't any scams or ripoffs, and that popular apps support good-citizen-of-the-platform features within a reasonable amount of time after those features are introduced in the OS. I don't know exactly how long "reasonable" is, but five fucking years for split-screen support ain't it.

Apple today seeded the first public betas of upcoming iOS 14 and iPadOS 14, and tvOS 14 updates to its public beta testing group, two weeks after first providing the updates to developers after the WWDC keynote.

Microsoft is forming a team internally under the Microsoft Devices division that will handle the development of the Android OS for Surface Duo going forward. Windows Central: According to my sources, up until now, Microsoft had contracted the OS work out to third-party vendors such as Movial, who had the expertise required to bring Android to life on Surface Duo. Movial is a software, services, and design engineering company that was working closely with Microsoft on Surface Duo during its prototype and development stages. Microsoft has now acquired the local operations of Movial in Romania, Taiwan, and the USA, and is bringing on-board all the Movial employees that were working on the Surface Duo as full-time employees at Microsoft.

Microsoft is not acquiring Movial as a whole. Movial will continue to operate as a standalone company, with employees at its headquarters in Finland remaining at Movial. SeeNews reports that Movial's Iasi office will become Microsoft Romania's fourth research and development center, as it on-boards 60 employees from Movial in that location.

theodp writes: Code.org's $10+ million "Diamond" supporters include Microsoft, Facebook, Amazon, and Infosys. Its $3+ million "Platinum" supporters include Google, the Gates Foundation, and the Ballmer Group. And its $1+ million "Gold" supporters include Jeff Bezos and Bill Gates, the world's two richest men. So, it was somewhat surprising to see the nonprofit -- which is dedicated to pushing CS into K-12 classrooms -- pop up on the list of Seattle-area tech companies that received a PPP loan from the federal government. According to Paycheck Protection Program data released by the SBA and Treasury, Code.org was approved on April 15th for a loan between $1-2 million to retain 81 jobs due to the pandemic. Khan Academy, another pet nonprofit of Gates and other billionaires, received approval for a $2-5 million PPP loan to retain 185 jobs.

Once upon a time, you could play Scrabble on your black-and-white Kindle readers. Or chess or sudoko, or even solve New York Times Crossword Puzzles. Amazon's Kindle Store had included 500 slick Java-based "Active Content" downloads...

Electronic Arts even produced Kindle-specific versions of Monopoly, Yahtzee, and Battleship, while Amazon created original games with titles like Every Word and Pirate Stash — and even a choose-your-own-adventure game named Dusk World.

Amazon soon moved into color touchscreen tablets, where there are many more games to choose from. But while any old downloaded "Active Content" will still work on their black-and-white Kindle readers, Amazon has now stopped selling it in its Kindle Store, reports The Digital Reader: The feature launched in 2010/2011, and was essentially abandoned by 2014 when Amazon launched the Kindle Voyage. Amazon decided to not support Active Content on its then newest ereader. Later Kindle models also lacked support for Active Content, and that meant it was only a matter of time before Amazon also removed the section from the Kindle Store.

And now one of the last remaining holdovers from that crazy time when ebooks were new is now gone.

There was a time, back in the early ebook era, when everyone was throwing really cool ideas up against the wall to see what stuck. Enhanced ebooks, for example, got tried a dozen times in around 7 years, and failed to find a market every time. Augmented reality ebooks was also tried several times, and for the most part failed because the tech wasn't there (AR was always going to be a niche product, but it's time will come). Digital textbooks were tried and failed several times because students could see they didn't make economic sense, but then publishers found a way to force them down students' throats (site licenses)...

And now Kindle Active Content is joining all the other formerly great ideas in the ebook graveyard.