Bug

Programmer Discovers Unprotected Access to State's Jobless Claims Portal's Admin Mode (arktimes.com)

Long-time Slashdot reader bbsguru shares a story from the alternative newsweekly the Arkansas Times. "A computer programmer applying for unemployment on Arkansas's Pandemic Unemployment Assistance program discovered a vulnerability in the system that exposed the Social Security numbers, bank account and routing numbers and other sensitive information of some 30,000 applicants.

"Anyone with basic computer knowledge could have accessed personal information for malicious purposes." Alarmed, the computer programmer called the Arkansas Division of Workforce Services Friday morning and was told by an operator that there was no one available who could talk to him. He then tried someone at the Arkansas State Police Criminal Investigation Division, who told the programmer he would find the person he needed to talk with to fix the situation. The programmer later called the Arkansas Times for advice on whom to call. The Times alerted the Division of Workforce Services to the issue at 4:30 p.m. Soon after a message appeared on the website that said, "The site is currently under maintenance...."

In exploring the website, the computer programmer determined that by simply removing part of the site's URL, he could access the administrative portal of the site, where he had the option of editing the personal information of applicants, including bank account numbers. From the admin portal, he viewed the page's source code and saw that the site was using an API (application programming interface) to connect with a database. That API was also left unencrypted, and he could access all of the applicants' raw data, including Social Security numbers and banking information...

The computer programmer said he thought he could have programmed a script that would gather all of the information from the API in under an hour.

Security

Mystery Data Breach Dubbed 'db8151dd' Exposes Records of 22 Million People (9to5mac.com)

An anonymous reader quotes a report from 9to5Mac: A massive data breach dubbed db8151dd has exposed the records of 22M people -- including addresses, phone numbers, and social media links. But the source of the data is a mystery. I got an email alert this morning from the haveibeenpwned.com site telling me that my details were included. The exposed data appears extensive: "Email addresses, Job titles, Names, Phone numbers, Physical addresses, Social media profiles." However, Troy Hunt, who runs the site, said that nobody has been able to identify where the information came from.

That 'interesting' data appears to come from customer relationship management (CRM) systems, including things like: "Recommended by Andie [redacted last name]. Arranged for carpenter apprentice Devon [redacted last name] to replace bathroom vanity top at [redacted street address], Vancouver, on 02 October 2007." Best guess is it's some kind of aggregated data from a number of sources, but as neither Hunt nor other information security professionals have been able to identify any of them despite attempts lasting almost three months, it appears the details of the privacy breach may remain a mystery.
Hunt says there's almost 90GB of personal information in the open database.

"Back in Feb, Dehashed reached out to me with a massive trove of data that had been left exposed on a major cloud provider via a publicly accessible Elasticsearch instance. It contained 103,150,616 rows in total," writes Hunt. "The global unique identifier beginning with 'db8151dd' features heavily on these first lines hence the name I've given the breach. I've had to give it this name because frankly, I've absolutely no idea where it came from, nor does anyone else I've worked on with this."
Programming

This AI-powered Auto-Completer is Helping Developers Write 25% Less Code (thenextweb.com)

Ivan Mehta, writing for The Next Web: For years, IDEs (Integrated Development Environments) have tried to make development quicker by predicting the next part of a developer's code. Now, startups like Codota are using AI to help developers with code completion on any code editor. The Israel-based startup was founded in 2015 by Dror Weiss and Eran Yahav. Codota's free-to-use autocomplete plug-in supports major languages such as Java, Python, JavaScript, PHP, and Rust across major IDEs such as Eclipse and Android Studio. Yahav told me that Codota differs from other code completion AIs as it's able to predict the next token completion by leaning on an AI-based code 'dictionary.'
Databases

White Supremacists Built a Website To Doxx Interracial Couples (vice.com)

White supremacists have reportedly built a website that names, shames, and effectively promotes violence against interracial couples and families -- "and it's been circulated in some of the darkest corners of the internet, including in neo-Nazi Discord servers and accelerationist Telegram channels," reports VICE News. An anonymous reader shares the report: The website was created in April but was taken offline after their initial hosting provider cut ties with them. They then found a home with one of Russia's largest domain registrars, R01. VICE News contacted R01 on Tuesday to ask whether the site violated their policies. An hour later, the site was taken offline, but as of Wednesday morning it was back up. Tatiana Agafonova, a spokesperson for R01, wrote in an email that the company would "diligently render its services to customers" unless a court rules otherwise or they're contacted by law enforcement. The owner of the website shields their identity and location through Cloudflare, a U.S.-based security company that protects customers from DDoS attacks (attempts to crash a website by overwhelming it with data). VICE News contacted Cloudflare to ask how this particular website squared with their policies. They declined to comment on individual websites but directed us to their blog from February 2019, where they "address complaints about content." Their bottom line was that Cloudflare is a security company, and content moderation isn't really their responsibility.

[O]ther online extremists have gotten very good at evading tech crackdowns by employing an ever-evolving shared language of memes and euphemisms used to signpost for the same racist views. The website in question uses the same strategy, which seems to be carefully crafted in an effort to shield the owner from liability. The owner even explicitly states on the site that they do not encourage violence -- all they're doing is listing names and social media accounts as part of a database of "white women who have an interest in black men." One section is titled "toll paid," and it lists women who have been in interracial relationships, and had something horrible happen to them, like death or injury. [...]

The owner of the website claims that the "toll paid" section is intended to catalog incidents where white women are victims of black violence, and isn't an incitement. But "all the disclaimers in the world" may not be enough to protect them from a lawsuit some day, especially if someone is harassed or harmed as a result, says Subodh Chandra, a former federal prosecutor who has handled high-profile civil rights cases, including a recent case against the Daily Stormer.

Python

Massive Python Survey Reveals Popularity of Linux and PyCharm, Just 10% Still Using Python 2 (zdnet.com)

The Python Software Foundation and JetBrains collected over 24,000 responses for the third annual Python Developer's Survey. Among its findings: 59% said they used Python for data analysis, "followed by web development at 51%, and machine learning at 40%," reports ZDNet: Other major applications of Python include DevOps and system administration (39%), programming web tools like crawlers (37%), software testing (31%), education (26%), software prototyping (25%), network programming (21%), desktop development (18%), computer graphics (14%), embedded system development (8%), game development (7%) and mobile development (6%).

However, at 28%, web development remains the top purpose when respondents were asked what they used Python for the most. It is followed by data analysis (18%), machine learning (13%), and DevOps and system administration (9%).

Good news, given that the final version of Python 2 was just released: the survey found that 90% are using Python 3, up from 84% in 2018. Of those still on Python 2, 45% are using it for web development, and 41% are using it for DevOps and system administration. PSF speculates that web development's dominance in Python 2 is because of legacy code...

Some 68% of Python developers are building on Linux, followed by Windows at 48%, while macOS has a 29% share...

The PyCharm integrated development environment (IDE) from JetBrains is once again the top IDE with a 33% share, followed by Microsoft's open-source cross-platform editor VS Code with a 24% share.

Python adoption is often attributed to its moderate learning curve. The survey found that 44% of users have just two years' experience and 30% had three to five years' experience.

Programming

C Is Now the Most Popular Programming Language, Claims TIOBE (jaxenter.com)

Charlotte Web writes: Since 2001 the TIOBE Index has been ranking top results for the search query +"<language> programming" on the top 25 search engines. "This month, C moved up past Java and entered the number one position," reports JAXenter.

"There's a new number one. (Or, should we say an old number one?)"

"Java and C were already very close in April, but this month C surpasses Java again," explains Paul Jansen, CEO of TIOBE Software. He also points out that the last time C was number one was back in 2015, suggesting that today embedded software languages like C and C++ "are gaining popularity because these are used in software for medical devices."

"On another note, it is also worth mentioning that Rust is really getting close to the top 20 now (from #27 to #21 within one month)."

"Perl, on the other hand, might be on its way off of the charts," argues JAXenter, "if it continues its downward trend. This month it saw a rate of change of -0.51%. It is currently number 18 on the list, but in May 2019 it was number 13."

Python also passed C++ to take the #3 spot, while C# overtook Visual Basic for the #5 spot. ("Classic Visual Basic" also lost the #16 spot to PL/SQL).

Even PHP rose a notch, pushing past SQL to take the #8 spot, and Scratch also moved up one, overtaking Objective C for the #19 position.
Programming

Developers Say Google's Go is 'Most Sought After' Programming Language of 2020

Lots of developers really want to learn Go, a programming language for large systems created by Google, meanwhile most developers are sick of attending meetings, and most of those working at multinational corporations aren't happy there. From a report: That's according to the results of a survey of over 16,655 developers from 76 countries carried out by HackerEarth, a company with offices in India and San Francisco that provides tools for recruiters to remotely assess developer coding skills. Go comes out top of the languages most developers want to know. The survey finds that 32% of experienced developers pick Go as the programming language they want to learn, well ahead of Python, which 24% say they want to learn. The desire for learning Go lines up with the results of a similar survey by remote developer hiring firm HackerRank. Go is used at Google, Netflix, American Express, Salesforce, IBM, Target, Twitch, Twitter, Uber, and Dropbox.
Piracy

MPA and Amazon Ask GitHub To Suspend Kodi Add-On Developer's Account (torrentfreak.com)

The MPA, MPA-Canada, and Amazon have filed a request with Github requesting that a Kodi add-on developer's account be deleted from the platform. Citing a copyright case and a permanent injunction handed down by Canada's Federal Court, the content companies claim that the account is still being used to infringe their rights. Github has left the account intact, however. TorrentFreak reports: In February 2018, a developer known online as 'Blamo' (aka 'Mr. Blamo') revealed that he, in common with several of his counterparts, had been threatened by content companies. From there the trail went cold but according to a complaint filed against Github this week, legal action in Canada followed. On September 7, 2018, a dozen companies including the studios of the MPA/MPA-Canada plus Amazon and Netflix launched a copyright infringement lawsuit at Canada's Federal Court against an individual "doing business" as Mr. Blamo.

"In the context of that action, our clients alleged that [Blamo] notably developed, hosted, promoted and distributed infringing add-ons for the Kodi media center, which provided unauthorized access to motion pictures and television content for which the copyright is owned by our clients," the MPA writes. According to Federal Court records, Blamo did not mount any kind of defense, so as a result the matter was decided in his absence. On January 15, 2019, the Federal Court handed down a final judgment, including a declaration of infringement and a permanent injunction. "The permanent injunction enjoins and restrains [Blamo] from, inter alia, hosting, distributing or promoting infringing Kodi add-ons and their repositories, including notably the 'Blamo' repository and the 'Chocolate Salty Balls' infringing add-ons," the MPA adds.

The problem here is that, according to the MPA and associated companies, Blamo has a GitHub account where it is claimed he continues to "host and distribute infringing Kodi add-ons and their repository, including notably the Chocolate Salty Balls infringing add-on and the Blamo repository." This, the MPA says, amounts to contempt of court. What's particularly interesting here, however, is that the MPA isn't asking for the specified URLs to be deleted. Instead, it asks for Blamo's entire GitHub account to be deactivated.

Security

Microsoft's GitHub Account Allegedly Hacked, 500GB Stolen (bleepingcomputer.com)

A hacker claims to have stolen over 500GB of data from Microsoft's private GitHub repositories, BleepingComputer reports. From the report: This evening, a hacker going by the name Shiny Hunters contacted BleepingComputer to tell us they had hacked into the Microsoft GitHub account, gaining full access to the software giant's 'Private' repositories. The individual told us that they then downloaded 500GB of private projects and initially planned on selling it, but has now decided to leak it for free. Based on the file stamps in the leaked files, the breach may have occurred on March 28th, 2020.
Emulation (Games)

Beyond Emulation: the Massive Effort To Reverse-Engineer N64 Source Code (arstechnica.com)

Slashdot reader thereitis shares a report from Ars Technica that "delves into the reversing community's efforts to produce usable C source code from N64 game binaries." Here's an excerpt: Early this week, with little warning, the Internet was graced with a Windows executable containing a fully playable PC port of Super Mario 64. Far from being just a usual emulated ROM, this self-contained program enables features like automatic scaling to any screen resolution, and players are already experimenting with adding simple graphics-card-level reshaders, including ray-tracing, as well. The PC port -- which was released with little buildup and almost no promotion -- wasn't built from scratch in a modern game engine, in the manner of some other now-defunct Super Mario 64 porting projects. And its release has nothing to do with a recent leak of internal Nintendo files dating back to the Gamecube days. Instead, the port seems to be a direct result of a years-long effort to decompile the Super Mario 64 ROM into parsable C code. This kind of reverse-engineering from raw binary to easy-to-read code isn't a simple process, but it's an effort that a growing community of hobbyist decompilers is undertaking to unlock the secrets behind some of their favorite games.
Security

Details of 44 Million Pakistani Mobile Users Leaked Online, Part of Bigger 115 Million Cache (zdnet.com)

An anonymous reader quotes a report from ZDNet: The details of 44 million Pakistani mobile subscribers have leaked online this week, ZDNet has learned. The leak comes after a hacker tried to sell a package containing 115 million Pakistani mobile user records last month for a price of $2.1 million in bitcoin. Data contains names, phone numbers, national IDs, and home addresses among others, and is believed to have originated from Jazz, a local mobile provider. According to our analysis of the leaked files, the data contained both personally-identifiable and telephony-related information. This includes the likes of: Customer full names; Home addresses (city, region, street name); National identification (CNIC) numbers; Mobile phone numbers; Landline numbers; and Dates of subscription.

Based on the dates of subscription, the oldest entries in the leaked files are from late 2013, suggesting that hackers either got their hands on an older backup file, or the breach took place in 2013 and only now surfaced online. The vast majority of entries in the leaked files contained mobile phone numbers belonging to Jazz (formerly Mobilink), a Pakistani mobile operator. However, ZDNet also identified phone numbers that appeared to belong to other mobile operators. [...] The incident is already under investigation in Pakistan, where the Pakistan Telecommunication Authority (PTA) and the Federal Investigation Agency (FIA) have been looking into the matter since last month, when the hacker first tried to sell the entire 115 million batch on a hacker forum.

Programming

GitHub Codespaces Lets You Code in Your Browser Without Any Setup (thenextweb.com)

GitHub has launched Codespaces -- a feature that lets you code directly on the web. Think of this as a virtual Integrated Development Environment (IDE) on the cloud. From a report: Earlier, to contribute to a project you would need to make a pull request, and set up the environment on your local machine according to the requirements of a project. With Codespaces, you don't need to do that anymore. As soon as you click on the code button, the website sets up the environment in seconds.
Entertainment

MicroProse, Legendary Creators of Civilization, XCOM, and Falcon 4.0 Is Back (hothardware.com)

MicroProse, an American video game publisher and developer founded by Bill Stealey and Sid Meier in 1982, is being resurrected after an absence of almost 20 years. The publisher's last game was Grand Prix 4, released in 2002, but it is most famous for the XCOM and Civilization franchises. MojoKid shares a report from HotHardware: The company is now being led by CEO David Lagettiu, while Bill Stealey, who originally founded MicroProse with Sid Meier, will be onboard as a consultant this time around. For those that would like to see some of their MicroProse classics "refreshed" for modern systems, you're in luck. It will be remastering a number of games, although those specific titles haven't been revealed at this time. What the reinvigorated company has announced, however, is that it has three new games on deck. The first is Task Force Admiral, which will have you in command of a U.S. Navy WWII (Pacific Theater) carrier task force. This will be a full 3D simulation game with 90 ship classes and 40 different types of aircraft with realistic ballistics and full damage modeling. The game is being developed by Drydock Dreams.

Next up is Second Front, which is another WWII-themed game, developed by Hexdraw. "Second Front is an accessible WWII turn-based tactical game with more than 40 infantry units and 200 tanks, vehicles and guns," writes MicroProse. "It has all the depth of a paper wargame and the ease of a computer simulation. Campaign, scenarios and a complete editor make it an infinite tactical sandbox experience." Finally, there's Sea Power, which was developed by Triassic Games. Sea Power shifts to "modern naval conflict campaigns." All three of the games will be launching soon via Steam, which you can check out using the following links: Task Force Admiral, Second Front, Sea Power.

Security

An Adult Cam Site Exposed 10.88 Billion Records (wired.com)

CAM4, a popular adult platform that advertises "free live sex cams," misconfigured an Elasticsearch production database so that it was easy to find and view heaps of personally identifiable information, as well as corporate details like fraud and spam detection logs. According to Wired, the database exposed 7 terabytes of names, sexual orientations, payment logs, and email and chat transcripts -- 10.88 billion records in all. From the report: First of all, very important distinction here: There's no evidence that CAM4 was hacked, or that the database was accessed by malicious actors. That doesn't mean it wasn't, but this is not an Ashley Madison-style meltdown. It's the difference between leaving the bank vault door wide open (bad) and robbers actually stealing the money (much worse). [...] The list of data that CAM4 leaked is alarmingly comprehensive. The production logs Safety Detectives found date back to March 16 of this year; in addition to the categories of information mentioned above, they also included country of origin, sign-up dates, device information, language preferences, user names, hashed passwords, and email correspondence between users and the company.

Out of the 10.88 billion records the researchers found, 11 million contained email addresses, while another 26,392,701 had password hashes for both CAM4 users and website systems. A few hundred of the entries included full names, credit card types, and payment amounts. Who's Affected? It's hard to say exactly, but the Safety Detectives analysis suggests that roughly 6.6 million US users of CAM4 were part of the leak, along with 5.4 million in Brazil, 4.9 million in Italy, and 4.2 million in France. It's unclear to what extent the leak impacted both performers and customers.
The report says CAM4's parent company, Granity Entertainment, took the server offline within a half hour of being contacted by the researchers.
Programming

Apple's Virtual WWDC Event To Kick Off on June 22 (macrumors.com)

Apple's virtual WWDC event will start on June 22, Apple said today. It will be hosted in the Apple Developer app and the Apple Developer website and it will be free for all developers. Apple does plan to hold a keynote event, presumably on June 22 when WWDC begins.
Open Source

What Keeps Developers Happy? Contributing to Open Source (techrepublic.com)

This week long-time open source advocate Matt Asay warned employers that the best way to keep their developers happy was to let them contribute to open source projects: SlashData recently surveyed over 16,000 developers to see what makes them tick... what they care about. The data is collected in SlashData's State of the Developer Nation, though let me give you the tl;dr: 59% of developers contribute to open source software today. Why do they contribute? The top two reasons are: To improve coding skills and because they believe in open source.

Want to keep those developers happy and employed with you? Let them contribute...

[Y]our employees want to contribute both code and knowledge — they want to be part of something. Talking to Bert Hubert, founder of PowerDNS, a supplier of open source DNS software, services, and support, he stressed that an open source project must be "a fun place where people feel that they are learning things, that they're contributing things, that they're being valued." Perhaps not surprisingly, these are the same elements developers expect from their employers. By making open source a valued part of workplace expectations, employers tick both boxes.

Is it an absolute requirement that you encourage your developers to contribute to open source projects? No. But many of your best developers will chafe at keeping their talents locked up behind the firewall, and other developers simply won't apply if you have a reputation for being an open source scrooge.

The article was written by Matt Asay, a former COO of Canonical now working at AWS. (Right before becoming Canonical's COO, Matt answered questions from Slashdot readers).

The survey he cites also found that out of 17,000 developers they talked to, just 3% said they were paid to contribute to open source.

The other 97% contributed for free.
The Courts

Oracle Women Score Major Win in Court Battle Over Equal Pay (bloomberg.com)

Three female employees at Oracle scored a major victory in court, gaining the right to represent thousands of others in a gender-discrimination lawsuit over pay, a legal milestone that has eluded women at other tech titans. From a report: A California state judge certified the class action Thursday, allowing the lawsuit to advance on behalf of more than 4,000 women who claim the database giant pays men more for doing the same job. "Whether the jobs at issue in this case are substantially equal or similar is a question of fact for a jury," California Superior Court Judge V. Raymond Swope in Redwood City said in the 25-page ruling, rejecting Oracle's claim that each is an individual case because people in the same job code don't perform substantially similar work. The ruling gives the women critical leverage in pursuing the case under the state's Equal Pay Act.
Microsoft

Microsoft's Visual Studio Online Code Editor is Now Visual Studio Codespaces and Gets a Price Drop (techcrunch.com)

About a year ago, Microsoft launched Visual Studio Online, its online code editor based on the popular Visual Studio Code project. It's basically a full code editor and hosted environment that lives in your browser. Today, the company announced that it is changing the name of this service to Visual Studio Codespaces. It's also dropping the price of the service by more than 50% and giving developers the option to run it on relatively low-performance virtual machines that will start at $0.08 per hour. In today's announcement, Microsoft's Scott Hanselman points out that the company learned that most developers who used Visual Studio Online thought of it as being much more than simply an editor in the browser.
Databases

British Museum Makes 1.9 Million Images Available For Free (ianvisits.co.uk)

The British Museum has revamped its online collections database, making over 1.9 million photos of its collection available for free online under a Creative Commons license. ianVisits reports: Under the new agreement the majority of the 1.9 million images are being made available for anyone to use for free under a Creative Commons 4.0 license. Users no longer need to register to use these photographs, and can now download them directly from the British Museum. Under the terms of the Creative Commons license, you are free to share and adapt the images for non-commercial use, but must include a credit to the British Museum. The relaunch also sees 280,000 new object photographs and 85,000 new object records published for the very first time, many of them acquisitions the Museum has made in recent years, including 73 portraits by Damian Hirst, a previously lost watercolour by Rossetti, and a stunning 3,000-year-old Bronze age pendant. You can view the whole online collection here.
Oracle

Zoom Taps Oracle For Cloud Deal, Passing Over Amazon, Microsoft (cnbc.com)

Zoom selected Oracle to expand its cloud on Tuesday, bypassing major cloud leaders Amazon Web Services, Alphabet's Google Cloud Platform and Microsoft's Azure Cloud. The terms of the deal were not disclosed. CNBC reports: "We recently experienced the most significant growth our business has ever seen, requiring massive increases in our service capacity. We explored multiple platforms, and Oracle Cloud Infrastructure was instrumental in helping us quickly scale our capacity and meet the needs of our new users," Zoom CEO Eric Yuan said in a press release. "We chose Oracle Cloud Infrastructure because of its industry-leading security, outstanding performance and unmatched level of support."

Zoom already uses Amazon and Microsoft's cloud services, but went with Oracle for its latest expansion. Oracle founder and chairman Larry Ellison praised Zoom earlier this month, calling it an "essential service" during the coronavirus pandemic. Oracle said in a release that Zoom chose its service for Oracle's "advantages in performance, scalability, reliability and superior cloud security." It's a surprising move from Zoom, as it chose Oracle over its larger competitors. According to research firm Canalys, Amazon had the largest cloud market share at the end of 2019 with 32.4%, followed by Microsoft, with 17.6%, and Google, with 6%.
