Businesses

Investigating Some Subscription Scam iOS Apps (ivrodriguez.com) 50

Security engineer Ivan writes: For some reason Apple allows "subscription scam" apps on the App Store. These are apps that are free to download and then ask you to subscribe right on launch. It's called the freemium business model, except these apps ask you to subscribe for "X" feature(s) immediately when you launch them, and keep doing so, annoyingly, over and over until you finally subscribe. By subscribing you get a number of "free days" (trial) and then they charge you weekly/monthly/yearly for very basic features like scanning QR Codes.

I've been trying to monitor apps that have these characteristics: 1. They have In-App purchases for their subscriptions. 2. They have bad reviews, especially with words like "scam" or "fraud". 3. Their "good" reviews are generic, potentially bot-generated. This weekend I focused on 5 apps from 2 different developers and to my surprise they are very similar, not only their UI/UX but also their code is shared and their patterns are absolutely the same. Aside from being classic subscription scam apps, I wanted to examine how they work internally, how they communicate with their servers and what type of information they are sending.

Businesses

Amazon Pledges $700 Million To Teach Its Workers to Code (wired.com) 144

Amazon announced Thursday that it will spend up to $700 million over the next six years retraining 100,000 of its US employees, mostly in technical skills like software engineering and IT support. From a report: Amazon is already one of the largest employers in the country, with almost 300,000 workers (and many more contractors) and it's particularly hungry for more new talent. The company currently has more than 20,000 vacant US roles, over half of which are at its headquarters in Seattle. Meanwhile, the US economy is booming, and there are now more open jobs than there are unemployed people who can fill them, according to the Bureau of Labor Statistics. "The purpose isn't really to create a job ladder from fulfillment center to CEO, but rather to meet employees where they are and to create opportunities for them to build on the skills that they have," Ardine Williams, Amazon's vice president of workforce development, said in an interview Thursday morning. Amazon joins a number of other companies who have announced multimillion-dollar investments in retraining in recent years, as a tightening labor market and technological change forces businesses to evolve. Amazon has already spent thousands of dollars on worker retraining in its Career Choice program, which helps hourly associates pay for degree programs in other, high-demand fields. CEO Jeff Bezos said in a shareholder letter last year that more than 12,000 US employees have participated in the program since it began in 2012. Amazon said they will expand the program Thursday.
Education

Google Unveils 'Code With Google,' Awards $1 Million To CS Teachers Group (techcrunch.com) 51

theodp writes: TechCrunch reports that Google kicked off the 2019 Computer Science Teachers Association (CSTA) Conference in style with the announcement of Code with Google, a new coding resource for teachers which collects Google's own free course curriculum on teaching computer science and coding. Google also announced a $1 million grant to the teachers group alongside the unveiling of Code with Google. To hear Google tell it, Code with Google -- much like bacon -- makes everything better. An English and Language Arts teacher, blogs Google Education VP Maggie Johnson, "didn't know much about computer science, but wanted her students to get familiar with coding because it can help with other skills, such as critical thinking and collaboration. So she tried a [Google] CS First activity where students coded different endings [video] to the story they read in class. Melissa says that, in a short time, 'the kids were problem solving, troubleshooting, and helping one another. It was incredible to hear the conversations about coding and the other concepts we were learning in the room.'" Johnson is also on the Board of tech-bankrolled Code.org, which reported it had spent $91.4 million (thru Dec. 2018) to get CS into K-12 schools (Google is a $3+ million Code.org Gold Sponsor). Not too surprisingly, one of the CSTA 2019 keynotes will be delivered by employees of Platinum Conference Sponsor Google, including a former CSTA Executive Director (CSTA is currently led by Code.org's former Director of State Government Affairs -- it's a small K-12 CS world!).
Bitcoin

Bitcoin Mining On an Apollo Guidance Computer: 10.3 Seconds Per Hash (righto.com) 103

Slashdot reader volvox_voxel shares an excerpt from the latest blog post from software engineer Ken Shirriff, who is well known for his work on restoring some of the rarest computing hardware to its working condition: We've been restoring an Apollo Guidance Computer. Now that we have the world's only working AGC, I decided to write some code for it. Trying to mine Bitcoin on this 1960s computer seemed both pointless and anachronistic, so I had to give it a shot. Implementing the Bitcoin hash algorithm in assembly code on this 15-bit computer was challenging, but I got it to work. Unfortunately, the computer is so slow that it would take about a billion times the age of the universe to successfully mine a Bitcoin block. He wasn't kidding about how long it would take to successfully mine a Bitcoin block. "The Apollo Guidance Computer took 5.15 seconds for one SHA-256 hash," writes Shirriff. "Since Bitcoin uses a double-hash, this results in a hash rate of 10.3 seconds per Bitcoin hash. Currently, the Bitcoin network is performing about 65 EH/s (65 quintillion hashes per second). At this difficulty, it would take the AGC 4x10^23 seconds on average to find a block. Since the universe is only 4.3x10^17 seconds old, it would take the AGC about a billion times the age of the universe to successfully mine a block."
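What the AGC was actually computing, as an added example (not Shirriff's code and not taken from his post): the double SHA-256 of an 80-byte block header, the compact-target check that decides whether a hash "counts", and the expected-work arithmetic behind the 4x10^23-second figure. The header fields are the publicly known genesis block values; the 10.3 s/hash constant and the 600-second block interval are the article's numbers; the layout and target encoding are Bitcoin's own. Everything else (function names, the easy "regtest" difficulty used to make `mine` finish) is this example's choice.

```python
import hashlib
import struct

# Constructed input: the six fields of the Bitcoin genesis block header,
# using the publicly known genesis values. Bitcoin serialises them
# little-endian into an 80-byte header; the hash fields are given here in
# the byte order they occupy in that header.
GENESIS = {
    "version": 1,
    "prev_block": "00" * 32,
    "merkle_root": "3ba3edfd7a7b12b27ac72c3e67768f617fc81bc3888a51323a9fb8aa4b1e5e4a",
    "time": 1231006505,
    "bits": 0x1D00FFFF,
    "nonce": 2083236893,
}

AGC_SECONDS_PER_DOUBLE_HASH = 10.3  # figure quoted in the article


def serialize_header(h):
    """Pack the header fields into Bitcoin's 80-byte wire format."""
    return (
        struct.pack("<I", h["version"])
        + bytes.fromhex(h["prev_block"])
        + bytes.fromhex(h["merkle_root"])
        + struct.pack("<III", h["time"], h["bits"], h["nonce"])
    )


def double_sha256(data):
    """The 'double hash' the article refers to: SHA-256 applied twice."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def block_hash(header_bytes):
    """Block hash in its usual display form (byte-reversed hex)."""
    return double_sha256(header_bytes)[::-1].hex()


def target_from_bits(bits):
    """Decode the compact 'bits' field into the 256-bit target."""
    exponent, mantissa = bits >> 24, bits & 0xFFFFFF
    return mantissa << (8 * (exponent - 3))


def meets_target(header_bytes, bits):
    """A header is valid when its hash, read as a little-endian integer, is <= target."""
    return int.from_bytes(double_sha256(header_bytes), "little") <= target_from_bits(bits)


def mine(h, max_tries):
    """Brute-force the nonce; returns (nonce, hash) or None if max_tries runs out."""
    header = dict(h)
    for nonce in range(max_tries):
        header["nonce"] = nonce
        raw = serialize_header(header)
        if meets_target(raw, header["bits"]):
            return nonce, block_hash(raw)
    return None


def expected_hashes(bits):
    """Mean number of hashes needed to land under the target: 2^256 / target."""
    return 2**256 // target_from_bits(bits)


def solo_block_seconds(network_hashes_per_second,
                       seconds_per_hash=AGC_SECONDS_PER_DOUBLE_HASH,
                       block_interval=600):
    """Expected seconds for one slow miner to find a block. The network finds one
    every block_interval seconds, so the expected work per block at the current
    difficulty is (network rate * interval) hashes."""
    return network_hashes_per_second * block_interval * seconds_per_hash


if __name__ == "__main__":
    raw = serialize_header(GENESIS)
    print("genesis hash:", block_hash(raw), "valid:", meets_target(raw, GENESIS["bits"]))
    hashes = expected_hashes(GENESIS["bits"])
    print("hashes needed at genesis difficulty:", hashes)
    print("AGC years at genesis difficulty: %.0f" % (hashes * AGC_SECONDS_PER_DOUBLE_HASH / 3.15e7))
    print("AGC seconds at 65 EH/s network: %.1e" % solo_block_seconds(65e18))
```

Even at the 2009 difficulty (about 2^32 hashes per block) the AGC would need on the order of 1,400 years; `solo_block_seconds(65e18)` reproduces the article's 4x10^23. The `mine` loop only terminates quickly at a toy difficulty such as `bits=0x207FFFFF`, where roughly half of all hashes qualify.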
Chrome

Sneaky Chrome Extension Disguises Netflix As a Google Hangout To Help You Slack Off At Work 33

Netflix Hangouts is a new Chrome extension that tries to make it easier to get away with watching Netflix while you're supposed to be working. Just go to the show you want to catch up on during work hours, and press the extension's icon in your Chrome menu to bring up a fake four-person conference call. Then you can sit back and watch the show in the window's bottom right feed while three fake colleagues get down to business. The Verge reports: The extension was developed by Mschf Internet Studios, which has produced a few internet curiosities like this over the years. There was the Slack channel that offered $1,000 in prize money for the first person to correctly guess each word of the day (it was shut down by Slack after just a week), a man who ate various foods as disgusting ice cream toppings, and who could forget Tabagotchi, the lovable virtual avatar that slowly died as you opened more and more tabs? Netflix Hangouts is the latest in a long line of services designed to let you slack off at work.
Mozilla

Mozilla is Funding a Way To Support Julia in Firefox (zdnet.com) 95

Mozilla is funding a project for bringing the Julia programming language to Firefox and the general browser environment. From a report: The project received funding as part of the Mozilla Research Grants for the first half of 2019, which the browser maker announced on Friday. In April, when Mozilla opened this year's submissions period for research grants, the organization said it was looking for a way to bring data science and scientific computing tools to the web. It said it was specifically interested in receiving submissions about supporting R or Julia at the browser level. Both R and Julia are programming languages designed for high-performance numerical, statistical, and computational science.

Mozilla engineers have worked in previous years to port data science tools at the browser level, as part of Project Iodide. Previously, as part of this project, Mozilla engineers ported the Python interpreter to run in the browser using WebAssembly. "This project, Pyodide, has demonstrated the practicality of running language interpreters in WebAssembly," Mozilla engineers said.

Programming

'Kerfuffle' Erupts Around Newly-Proposed try() Feature For Go Language (thenewstack.io) 210

Matt Klein, a member of the Go steering committee, recently apologized for the angst caused to some people by "the try() kerfuffle... Change is hard, but sometimes it's for the best."

Tech columnist Mike Melanson covers the kerfuffle over the newly-proposed feature, while trying "not to over-dramatize what is happening." There is disagreement and conflicting views, but working through those views is how the open source sausage is made, is it not? Of course, in the Go community, how the core team receives those opposing views may be a point of soreness among some who vehemently opposed the vgo package versioning for Go and felt that, in the end, it was rammed through despite their objections. As one Gopher points out, it is better to debate now than summarily accept and then later deprecate...

As Go makes its way to Go 2.0, with Go 1.14 currently taking center stage for debate, there is, again, as Klein points out, some kerfuffle about a newly proposed feature called try(), which is "designed specifically to eliminate the boilerplate if statements typically associated with error handling in Go." According to the proposal, the "minimal approach addresses most common scenarios while adding very little complexity to the language" and "is easy to explain, straightforward to implement, orthogonal to other language constructs, and fully backward-compatible" as well as extensible for future needs.

Much of the disagreement around try() comes in the form of whether or not the resultant code is more or less readable than current implementations of error handling. Beyond that, however, some say that even if try() were accepted, it has faults that would prevent them from recommending or even allowing its use among their teams. Meanwhile, another point of contention is offered in an open letter to the Go team about try by William Kennedy who often writes about Go, and focuses on not style or function, but rather whether or not a solution is needed at all. According to Kennedy, "the perceived error handling complaints are perhaps overblown and these changes are not what the majority of Go developers want or need" and that try() may be a solution searching for a problem, and even the cause of more problems than it solves. "Since this new mechanic is going to cause severe inconsistencies in code bases, disagreements on teams, and create an impossible task for product owners to enforce consistent guidelines, things need to be slowed down and more data needs to be gathered," Kennedy writes.

He goes on to point out those very sensitivities that may have lingered from previous discussions in the Go community. "This is a serious change and it feels like it's being pushed through without a concerted effort to understand exactly what those 5% of Go developers meant when they said they wanted improved error handling...."

Software

India's First CPUs Are Ready For App Development (tomshardware.com) 142

The Indian Institute of Technology (IIT) Madras has released the software development kit (SDK) for its open-source Shakti processor. Shakti is based on the open-source RISC-V instruction set architecture and was funded by the Indian Ministry of Electronics and Information Technology. The institute promised that a development board will also be released soon. Tom's Hardware reports: The RISE group at IIT Madras started working on the Shakti project in 2016 with a plan to release a family of six classes of processors, each serving a different market. The group promised that the reference processors will be competitive with commercial offerings in terms of area, performance and power consumption. Now India, like China and the European Union, is showing interest in designing its own processors, rather than relying on ones designed by U.S. manufacturers. With the release of the Shakti SDK, developers can begin to develop applications for the Shakti processors, even before they're commercialized.
Cloud

Oracle On Why It Thinks AWS Winning Pentagon's $10 Billion Jedi Cloud Contract Stinks (theregister.co.uk) 116

An anonymous reader quotes a report from The Register: Ahead of its first day in a U.S. federal claims court in Washington DC, Oracle has outlined its position against the Pentagon's award of the Joint Enterprise Defense Infrastructure (JEDI) cloud contract to Amazon Web Services. Big Red's lengthy filing questions the basis of Uncle Sam's procurement procedure as well as Amazon's hiring of senior Department of Defense staff involved in that procurement process. Oracle's first day in court is set for 10 July. The JEDI deal could be worth up to $10 billion over 10 years. The Department of Defense handed the contract to AWS after deciding that only Amazon and Microsoft could meet the minimum security standards required in time.

Oracle's filing said that U.S. "warfighters and taxpayers have a vested interest in obtaining the best services through lawful, competitive means... Instead, DoD (with AWS's help) has delivered a conflict-ridden mess in which hundreds of contractors expressed an interest in JEDI, over 60 responded to requests for information, yet only the two largest global cloud providers can clear the qualification gates." The company said giving JEDI, with its "near constant technology refresh requirements", to just one company was in breach of procurement rules. It accused the DoD of gaming the metrics used in the process to restrict competition for the contract. Oracle also accused Amazon of breaking the rules by hiring two senior DoD staff, Deap Ubhi and Anthony DeMartino, who were involved in the JEDI procurement process. Ubhi is described as "lead PM." A third name is redacted in the publicly released filing.
The DoD, which is expected to make an offer to settle the case in late August, said in a statement: "We anticipate a court decision prior to that time. The DoD will comply with the court's decision. While the acquisition and litigation processes are proceeding independently the JEDI implementation will be subject to the determination of the court."

The 50-page filing can be found here (PDF).
Games

Indie Developers Suggest Steam Summer Sale Confusion is Hurting Their Games (arstechnica.com) 52

An anonymous reader shares a report: As part of this year's annual Steam Summer Sale, Valve is hosting a new "Grand Prix" promotion that gives participants a chance at free games if they complete certain daily "quests" on the platform. But confusion over how the promotion works seems to be leading Steam users to delete some low-cost indie games from their Steam wishlists in a misguided attempt to maximize the value of their potential winnings. "We lost 1,500 wishlists in the first 24 hours of the sale," No More Robots Director Mike Rose told Ars on Twitter regarding the four indie games the publisher sells. "Usually you lose, like, 20 in a day."

No More Robots is far from alone. Mode 7 Games' Paul Kilduff-Taylor tweeted a graph showing wishlist deletions spiking to over 1,100 following the start of the sale on Tuesday. SixtyGig Games's Raymond Doerr showed a similar increase in deletions for his game at the same time, outpacing a smaller rise in additions and purchases from the wishlist. There are now enough anecdotal examples of this effect across multiple indie games, all starting on the first day of the sale, to suggest this marked increase is something more than random chance.

Programming

Early Soyuz Spacecraft Had a Peculiar User Interface, Says Developer Charles Simonyi (ieee.org) 104

Tekla Perry writes: When WYSIWYG pioneer Charles Simonyi went to space, he couldn't help but notice the awkward user interface on the rocket's control panel. It was a case of legacy systems, not wanting to change training and documentation, and an emulator that ran Unix on a 386 chip, he reported during a recent discussion on space software held at the Computer History Museum. "They liked the older chips because of radiation resistance and the feature set," he pointed out, noting how operation of the virtual interface was trickier than it seemed. "There are rows and columns," he said, "and you move the cursor over the button and use another button to push the virtual button."

"On the right side," he said, "there are these windows that are numbers you type in by pushing virtual buttons below them. You use the cursor keys to go to the virtual buttons then push an entry button that is virtual." He added: "You can see that even as the technology changes, they want to keep as many things the same as possible."
Cloud

Oracle Dyn DNS Services Shutting Down in 2020 104

Oracle has sent the following email to customers of DYN service: Since Oracle acquired Dyn in 2016 (and subsequently acquired Zenedge), the engineering teams have been working diligently to integrate Dyn's products and network into the Oracle Cloud Infrastructure. With the completion of this upgrade to Oracle Cloud Infrastructure, Oracle is announcing the end-of-life for the free Standard DNS service in favor of the enhanced, paid subscription version on the Oracle Cloud Infrastructure platform. On May 31, 2020, the 'EOL Date', the Standard DNS will be retired and will no longer be available. The following capabilities are not currently supported in Oracle Cloud Infrastructure DNS: Webhop (HTTP redirect), Dynamic DNS, Zone transfer to external nameservers, and DNSSEC.
IBM

China's Biggest Startups Ditch Oracle and IBM for Home-Made Tech (bloomberg.com) 132

For years, companies like Oracle and IBM invested heavily to build new markets in China for their industry-leading databases. Now, boosted in part by escalating U.S. tensions, one Chinese upstart is stepping in, winning over tech giants, startups and financial institutions to its enterprise software. From a report: Beijing-based PingCAP already counts more than 300 Chinese customers. Many, including food delivery giant Meituan, its bike-sharing service Mobike, video streaming site iQIYI and smartphone maker Xiaomi are migrating away from Oracle and IBM's services toward PingCAP's, encapsulating a nation's resurgent desire to Buy China. PingCAP's ascendancy comes as the U.S. cuts Huawei off from key technology, sending chills through the country's largest entities while raising questions about the security of foreign-made products. That's a key concern as Chinese companies modernize systems in every industry from finance and manufacturing to healthcare by connecting them to the internet.
Ubuntu

Ubuntu Reverses Decision, Says It Will Continue To Support 32-bit Packages (betanews.com) 94

Canonical has issued a statement on Ubuntu's 32-bit future, saying it will continue to build and maintain a 32-bit archive going forward. From a report: Of course, there was some negativity surrounding the decision -- as is common with everything in the world today. In particular, developers of WINE were upset, since their Windows compatibility layer depends on 32-bit, apparently. In a statement, Canonical said: "Thanks to the huge amount of feedback this weekend from gamers, Ubuntu Studio, and the WINE community, we will change our plan and build selected 32-bit i386 packages for Ubuntu 19.10 and 20.04 LTS. We will put in place a community process to determine which 32-bit packages are needed to support legacy software, and can add to that list post-release if we miss something that is needed. Community discussions can sometimes take unexpected turns, and this is one of those. The question of support for 32-bit x86 has been raised and seriously discussed in Ubuntu developer and community forums since 2014. That's how we make decisions."
Programming

Remembering The ENIAC Programmers (freedom-to-tinker.com) 85

On Princeton's "Freedom to Tinker" site, the founder of the ENIAC Programmers Project summarizes 20 years of its research, remembering the "incredible acts of computing innovation during and just after WWII" that "established the foundation of modern computing and programming."

Commissioned in 1942, and launched in 1946, the ENIAC computer, with its 18,000 vacuum tubes, was the world's very first modern computer (all-electronic, programmable, and general-purpose). "Key technologists of the time, of course, told the Army that the ENIAC would never work."

Slashdot reader AmiMoJo quotes Cory Doctorow: The ENIAC programmers had to invent programming as we know it, working without programming codes (these were invented a few years later for UNIVAC by Betty Holberton): they "broke down the differential calculus ballistics trajectory program" into small steps the computer could handle, then literally wired together the program by affixing cables and flicking the machine's 3,000 switches in the correct sequences. To capture it all, they created meticulous flowcharts that described the program's workings.
From the site: Gunners needed to know what angle to shoot their artillery to hit a target 8 to 10 miles away.... The Army's Ballistics Research Labs (BRL) located women math graduates from schools nearby [who] worked day and night, six days a week, calculating thousands of ballistics trajectories which were compiled into artillery firing tables and sent to soldiers in the battlefields. It was a tremendous effort. Second, the Army and BRL agreed to commission a highly-experimental machine... [Six] women studied ENIAC's wiring and logical diagrams and taught themselves how to program it...

After the war, the Army asked all six ENIAC Programmers to continue their work -- no soldier returning home from the battlefield could program ENIAC... Others made other pivotal contributions: Jean Bartik led the team that converted ENIAC to one of the world's first stored program computers and her best friend Betty Holberton joined Eckert Mauchly Computer Corporation and wrote critical new programming tools for UNIVAC I, the first commercial computer, including the C-10 instruction code (predecessor to programming languages).
You can still find its original operating manual online. ("Do not open d-c fuse cabinet with the d-c power turned on. This not only exposes a person to voltage differences of around 1500 volts but the person may be burned by flying pieces of molten fuse wire in case a fuse should blow.")

It performed calculations that helped design the world's first hydrogen bomb.
Microsoft

The Rise and Fall of Visual Basic (medium.com) 217

Technology writer Matthew MacDonald began writing QuickBASIC code back in 1988 on the DOS operating system, sharing it on a 3.5-inch floppy disk. "I still remember writing code in white text on its cheery blue background..."

He tells his readers on Medium that "I have a confession to make. Before I became a respectable developer working with modern curly-bracket languages like C# and Java (and that hot mess of a platform we call JavaScript), I was a dedicated fan of the wildly popular misfit Visual Basic..."

At the same time that Microsoft released Windows 3.0 -- the first version that was truly successful -- they also launched Visual Basic 1.0. Here was something entirely new. You could create buttons for your programs by drawing them on the surface of a window, like it was some kind of art canvas. To make a button do something, all you had to do was double-click it in the design environment and write some code. And you didn't use cryptic C++ code, with piles of classes, complex memory management, and obscure calls into the Windows API. Instead, you wrote friendly-looking VB code, like a civilized person.

All the graphical pizzazz was impressive, but the real secret to VB's success was its practicality. There was simply no other tool that a developer could use to sketch out a complete user interface and get coding as quickly as VB... By the release of VB 6 -- the last version of classic Visual Basic -- it was estimated that there were ten times more coders writing in VB than in the unforgiving C++ language. And they weren't just mocking up toy applications. Visual Basic wormed its way into company offices and even onto the web through ASP (Active Server Pages), another monstrously popular technology. Now you could create web pages that talked to VB components, called databases, and wrote HTML on the fly...

Today, Visual Basic is in a strange position. It has roughly 0% of the mindshare among professional developers -- it doesn't even chart in professional developer surveys or show up in GitHub repositories. However, it's still out there in the wild, holding Office macros together, powering old Access databases and ancient ASP web pages, and attracting .NET newcomers. The TIOBE index, which attempts to gauge language popularity by looking at search results, still ranks VB in the top five most talked-about languages. But it seems that the momentum has shifted for the last time. In 2017, Microsoft announced that it would begin adding new language features to C# that might never appear in Visual Basic. The change doesn't return VB to ugly duckling status, but it does take away some of its .NET status....

Visual Basic has been threatened before. But this time feels different. It seems like the sun is finally setting on one of the world's most popular programming languages. Even if it's true, Visual Basic won't disappear for decades. Instead, it will become another legacy product, an overlooked tool without a passion or a future.

He remembers that the last versions of Visual Basic even supported object-oriented programming with interfaces, polymorphism, and class libraries, but argues that to create .NET, Microsoft "had to throw away almost all of classic VB."

For example, "Classic VB programmers had to change the way they counted array elements. No longer could they start at 1, like ordinary people. Now they had to start at 0, like official programmers."
Intel

Intel Developing 'Data Parallel C++' As Part of OneAPI Initiative (phoronix.com) 81

Intel's One API project aims "to simplify application development across diverse computing architectures."

Now an anonymous reader quotes Phoronix: Intel announced an interesting development in their oneAPI initiative: they are developing a new programming language/dialect. Intel originally began talking about oneAPI last December for optimizing code across CPUs / GPUs / FPGAs and as part of "no transistor left behind...."
The article then acknowledges "the SYCL single-source C++ programming standard from The Khronos Group we've expected Intel to use as their basis for oneAPI," before noting Intel is going "a bit beyond..."

"Data Parallel C++ (DPC++) is their 'new direct programming language' aiming to be an open, cross-industry standard and based on C++ and incorporating SYCL."
Books

Prisons Are Banning Books That Teach Prisoners How To Code (vice.com) 193

An anonymous reader quotes a report from Motherboard: The Oregon Department of Corrections has banned prisoners from reading a number of books related to technology and programming, citing concerns about security. According to public records obtained by the Salem Reporter, the Oregon Department of Corrections has banned dozens of books related to programming and technology as they come through the mail room, ensuring that they don't get to the hands of prisoners. At least in official department code, there is no blanket ban on technology-related books. Instead, each book is individually evaluated to assess potential threats. Many programming-related books are cited as "material that threatens," often including the subject matter ("computer programming") as justification. The Oregon Department of Corrections (DOC) worries that prisoners could use the tools mentioned in some of the programming-related books to compromise their systems. But what's odd is the scope of the ban. Justin Seitz's Black Hat Python book failed the prison's security test since it's geared towards hacking, but so did Windows 10 for Dummies and Microsoft Excel 16 for Dummies, which simply teach proficiency in Windows 10 and Excel.

Officials at the DOC argue that knowledge of even these basic programs can pose a threat to prisons. "Not only do we have to think about classic prison escape and riot efforts like digging holes, jumping fences and starting fires, modernity requires that we also protect our prisons and the public against data system breaches and malware," DOC spokesperson Jennifer Black said in an emailed statement. "It is a balancing act we are actively trying to achieve."
Privacy

Meds Prescriptions For 78,000 Patients Left In a Database With No Password (zdnet.com) 33

An anonymous reader quotes a report from ZDNet: A MongoDB database was left open on the internet without a password, and by doing so, exposed the personal details and prescription information for more than 78,000 U.S. patients. The database contained information on 391,649 prescriptions for a drug named Vascepa, used for lowering triglycerides (fats) in adults that are on a low-fat and low-cholesterol diet. Additionally, the database also contained the collective information of over 78,000 patients who were prescribed Vascepa in the past. Leaked information included patient data such as full names, addresses, cell phone numbers, and email addresses, but also prescription info such as prescribing doctor, pharmacy information, NPI number (National Provider Identifier), NABP E-Profile Number (National Association of Boards of Pharmacy), and more. "According to vpnMentor, the company that left the database open may have violated HIPAA, and may be in line for a hefty fine for failing to encrypt the patient data it had stored on the database server, a HIPAA golden rule," the report adds. "However, Dissent, the administrator of DataBreaches.net, a website dedicated to tracking data breaches and HIPAA violations, told ZDNet that just because a system stores medical information, it doesn't mean it's necessarily covered by HIPAA. Until the database owner is found, no other conclusions can be drawn."
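The two settings that produce exactly this kind of exposure are a `mongod` that listens on every interface while `security.authorization` is off. The audit below is an added example (not from ZDNet, vpnMentor or the MongoDB project) that reads a `mongod.conf`, flags that combination, and also notes missing TLS and missing at-rest encryption, the point the HIPAA discussion turns on. Both configuration files are constructed for the example; the option names are MongoDB's real ones, the severities and the minimal YAML parser (enough for mongod's nested-map format, nothing more) are this example's own.

```python
# Constructed sample configs in mongod's YAML format. The weak one mirrors the
# failure in the article: a listener on every interface with no access control.
WEAK_CONF = """\
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27017
  bindIp: 0.0.0.0        # reachable from the internet if the host is
security:
  authorization: disabled
"""

HARDENED_CONF = """\
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27017
  bindIp: 127.0.0.1,10.0.0.5   # loopback plus one private interface
  tls:
    mode: requireTLS
    certificateKeyFile: /etc/ssl/mongod.pem
security:
  authorization: enabled
  enableEncryption: true       # encrypted storage engine (Enterprise option)
"""


def parse_simple_yaml(text):
    """Parse the small YAML subset mongod.conf uses: nested maps, scalar values,
    '#' comments. Dependency-free so the audit runs without PyYAML; it is not a
    general YAML parser (no lists, no quoting, no multi-line values)."""
    root = {}
    stack = [(-1, root)]          # (indent, mapping being filled)
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip(" "))
        key, _, value = line.strip().partition(":")
        while indent <= stack[-1][0]:   # dedent: close nested maps
            stack.pop()
        parent = stack[-1][1]
        value = value.strip()
        if value:
            parent[key] = value
        else:
            parent[key] = {}
            stack.append((indent, parent[key]))
    return root


def audit_mongod_config(cfg):
    """Return (severity, message) findings for the settings that turn a
    database into a public download, most severe first."""
    findings = []
    net = cfg.get("net", {})
    sec = cfg.get("security", {})

    # When bindIp is absent, mongod binds to localhost only (its documented default).
    bind_all = net.get("bindIpAll", "false").lower() == "true"
    addrs = [a.strip() for a in net.get("bindIp", "127.0.0.1").split(",")]
    exposed = bind_all or any(a in ("0.0.0.0", "::") for a in addrs)

    auth = sec.get("authorization", "disabled").lower() == "enabled"
    tls_mode = net.get("tls", {}).get("mode", "disabled")
    encrypted = sec.get("enableEncryption", "false").lower() == "true"

    if exposed and not auth:
        findings.append(("CRITICAL", "listens on all interfaces with authorization disabled: "
                                     "anyone who can reach the port can dump every collection"))
    elif exposed:
        findings.append(("HIGH", "listens on all interfaces; only network controls and strong "
                                 "credentials stand between the data and the internet"))
    elif not auth:
        findings.append(("HIGH", "authorization disabled; any local user or pivoted attacker "
                                 "has full access"))
    if tls_mode != "requireTLS":
        findings.append(("MEDIUM", "net.tls.mode is not requireTLS; credentials and records "
                                   "travel in plaintext"))
    if not encrypted:
        findings.append(("LOW", "security.enableEncryption not set; data at rest is unencrypted "
                                "(Enterprise option; otherwise encrypt the volume)"))
    return findings


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit_mongod_config(parse_simple_yaml(conf)) or "no findings")
```

Run it against the real `/etc/mongod.conf` with `parse_simple_yaml(open(path).read())`; a server started from the command line instead of a config file needs the equivalent check on its `--bind_ip` and `--auth` flags, which this example does not cover.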
Security

Oracle Issues Emergency Update To Patch Actively Exploited WebLogic Flaw (arstechnica.com) 26

An anonymous reader quotes a report from Ars Technica: Oracle on Tuesday published an out-of-band update patching a critical code-execution vulnerability in its WebLogic server after researchers warned that the flaw was being actively exploited in the wild. The vulnerability, tracked as CVE-2019-2729, allows an attacker to run malicious code on the WebLogic server without any need for authentication. That capability earned the vulnerability a Common Vulnerability Scoring System score of 9.8 out of 10. The vulnerability is a deserialization attack targeting two Web applications that WebLogic appears to expose to the Internet by default -- wls9_async_response and wls-wsat.war. The flaw in Oracle's WebLogic Java application servers came to light as a zero-day four days ago when it was reported by security firm KnownSec404.
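While the out-of-band patch rolls out, the useful question for a defender is whether the two exposed applications have already been hit. The scanner below is an added example (not from Oracle, KnownSec404 or Ars) that runs over WebLogic access-log lines in Common Log Format and flags requests to the context roots those applications deploy under: `/_async/` for wls9_async_response and `/wls-wsat/` for wls-wsat.war. Those paths come from WebLogic's deployment layout, not from the article; the log lines are constructed, and the severity split (POST versus GET) is this example's heuristic.

```python
import re
from collections import Counter

# Context roots of the two applications the article names. wls9_async_response
# serves under /_async/, wls-wsat.war under /wls-wsat/ (WebLogic's layout; the
# article itself only names the applications).
RISKY_PREFIXES = ("/_async/", "/wls-wsat/")

# Common Log Format, which WebLogic's access.log uses by default.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample: two benign requests, two POSTs to the SOAP endpoints from
# one external address, and a WSDL fetch from an internal one.
SAMPLE_LOG = """\
10.0.0.7 - - [18/Jun/2019:10:02:11 +0000] "GET /console/login/LoginForm.jsp HTTP/1.1" 200 4312
203.0.113.9 - - [18/Jun/2019:10:03:45 +0000] "POST /_async/AsyncResponseService HTTP/1.1" 202 0
203.0.113.9 - - [18/Jun/2019:10:03:47 +0000] "POST /wls-wsat/CoordinatorPortType HTTP/1.1" 500 1287
10.0.0.7 - - [18/Jun/2019:10:05:01 +0000] "GET /wls-wsat/CoordinatorPortType?wsdl HTTP/1.1" 200 2210
10.0.0.7 - - [18/Jun/2019:10:06:22 +0000] "GET /myapp/index.jsp HTTP/1.1" 200 801
"""


def parse_line(line):
    """Split one access-log line into its fields, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def classify(rec):
    """Severity for one request, or None when it does not touch the risky roots.
    Both services take their input as a POSTed SOAP body, so a POST is the
    event worth paging on; a GET (for example a ?wsdl fetch) is at most recon."""
    path = rec["path"].split("?", 1)[0]
    if not path.startswith(RISKY_PREFIXES):
        return None
    return "HIGH" if rec["method"] == "POST" else "MEDIUM"


def scan(lines):
    """Return (severity, ip, method, path, status, timestamp) for every flagged request."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        sev = classify(rec)
        if sev:
            hits.append((sev, rec["ip"], rec["method"], rec["path"], rec["status"], rec["ts"]))
    return hits


def by_source(hits):
    """Count flagged requests per client address, to spot a single scanner."""
    return Counter(h[1] for h in hits)


if __name__ == "__main__":
    found = scan(SAMPLE_LOG.splitlines())
    for hit in found:
        print(*hit)
    print("per source:", dict(by_source(found)))
```

A hit only proves that the endpoint was reached, not that the deserialized payload ran; treat a HIGH from an unexpected address as a trigger to pull the server's JVM process list and outbound connections for the same window. If neither service is used, undeploying the two applications removes the attack surface independently of the patch.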
