In July, GitHub blocked several accounts to prevent users in Iran from accessing several portions of its service. A few days later Amazon Web Services followed suite. With major cloud services pulling support for developers in the country, many lost their academic work and several apps ceased to function. A solution for these developers now is to cut reliance on American giants and build their own services. But there's a catch: Internet in Iran is heavily censored, so they can't rely on local networks.

After Trump backed away from the nuclear deal, there's been a tremendous pressure on tech companies to block IPs from Iran. Plus, Mozilla decided to omit a whole transparency section in its report on the country succumbing to the government pressure. With sanctions on one side and censorship on the other, there's a tough road ahead for developers. Ivan Mehta, a journalist at The Next Web, looks at the issue.

An open database exposing records containing the sensitive data of hotel customers as well as US military personnel and officials has been disclosed by researchers. ZDNet reports: On Monday, vpnMentor's cybersecurity team, led by Noam Rotem and Ran Locar, said the database belonged to Autoclerk, a service owned by Best Western Hotels and Resorts group. Autoclerk is a reservations management system used by resorts to manage web bookings, revenue, loyalty programs, guest profiles, and payment processing.

In a report shared with ZDNet, the researchers said the open Elasticsearch database was discovered through vpnMentor's web mapping project. It was possible to access the database, given it had no encryption or security barriers whatsoever, and perform searches to examine the records contained within. The team says that "thousands" of individuals were impacted, although due to ethical reasons it was not possible to examine every record in the leaking database to come up with a specific number. Hundreds of thousands of booking reservations for guests were available to view and data including full names, dates of birth, home addresses, phone numbers, dates and travel costs, some check-in times and room numbers, and masked credit card details were also exposed. Some of the records were logs for U.S. Army generals visiting Russia and Israel, the report says. In total, the AWS-hosted database contained over 179GB of data.

David Shayer, who worked as a software engineer at Apple for 18 years across iPod, the Apple Watch, and Apple's bug-tracking system Radar, among other projects, looks at the current iOS and macOS releases and tries to work out why they are so buggy. He writes: 1. Overloaded Feature Lists Lead to Schedule Chicken: Apple is aggressive about including significant features in upcoming products. Tight schedules and ambitious feature sets mean software engineers and quality assurance (QA) engineers routinely work nights and weekends as deadlines approach. Inevitably some features are postponed for a future release, as we saw with iCloud Drive Folder Sharing. In a well-run project, features that are lagging behind are cut early, so engineers can devote their time to polishing the features that will actually ship. But sometimes managers play "schedule chicken" since no one wants to admit in the departmental meeting that their part of the project is behind. Instead, they hope someone else working on another aspect of that feature is running even later, so they reap the benefit of the feature being delayed without taking the hit of being the one who delayed it. But if no one blinks, engineers continue to work on a feature that can't possibly be completed in time and that eventually gets pushed off to a future release.

2. Crash Reports Don't Identify Non-Crashing Bugs: If you have reporting turned on (which I recommend), Apple's built-in crash reporter automatically reports application crashes, and even kernel crashes, back to the company. A crash report includes a lot of data. Especially useful is the stack trace, which shows exactly where the code crashed, and more importantly, how it got to that point. A stack trace often enables an engineer to track down the crash and fix it. Crash reports are uniquely identified by the stack trace. The same stack trace on multiple crash reports means all those users are seeing the same crash. The crash reporter backend sorts crash reports by matching the stack traces, and those that occur most often get the highest priority. Apple takes crash reports seriously and tries hard to fix them. As a result, Apple software crashes a lot less than it used to. Unfortunately, the crash reporter can't catch non-crashing bugs. It's blind to the photos that never upload to iCloud, the contact card that just won't sync from my Mac to my iPhone, the Time Capsule backups that get corrupted and have to be restarted every few months, and the setup app on my new iPhone 11 that got caught in a loop repeatedly asking me to sign in to my iCloud account, until I had to call Apple support. (These are all real problems I've experienced.) Shayer has offered several more possible explanations in the original post.

Christine Peterson, a long-time futurist who co-founded the nanotech advocacy group the Foresight Institute in 1986 and coined the term "Open Source software" among other things writes: I am currently cited on the home page of the Ethical Source Movement, home of the Ethical Source Definition: "In the twenty years since Christine Peterson first coined the term 'open source', our community has grown astronomically, all the while learning from its successes and failures." While it is pleasant to be cited, some might interpret this as my 100% endorsement, and this would be incorrect. The Definition calls for a code of conduct, which by itself is not a problem. And a sample of such a code that I examined uses plain, seemingly-clear English words such as reasonable, inappropriate, harassment, etc. As always, the devil is in the details, or in this case, the interpretation. Although I am not a coder, and am only peripherally involved with the Open Source community these days, it has come to my attention that guidelines such as these are being used to, for example, suppress discussion of male/female differences. This would be problematic for me to endorse, since as part of my never-ending quest to help people find their life partner, I routinely discuss such topics at length myself (video online now).

This raises the broader question of whether speech bans in general are a good idea and serve effectively to advance positive goals, or not. To explore this issue with less emotion, let's make up a fantasy example. Let's say that a rumor arises that people who are genetically able to taste phenylthiocarbamide (PTC) are better at coding. The rumor goes viral. Job seekers with the supposedly favorable status put it on their LinkedIn page and try to send genetic test results to prospective employers, along with their resumes.

Those unable to taste PTC try to suppress the rumor, fail, organize protests, and finally resort to speech bans regarding PTC status. People who brag about their tasting status, point out that someone else is a non-taster, or even just try to discuss the topic itself more generally, lose their positions on open source projects and even in some cases their jobs.

Do these punished individuals then realize the error of their ways? By no means: they are now martyrs, drift in a more radical direction, and become leaders of PTC taster groups who feel they are victims of reverse discrimination. They form secret online groups in which genetic data must be submitted to join, and they quietly meet in person to show off tasting abilities in blind tests. They bond and form communities which reinforce their superior identity as tasters. Believing that 'tasters are better coders' is now regarded as Secret Banned Knowledge.

Statisticians try to point out that even if the claim is true, such a correlation is not usefully predictive since great coders are found among both tasters and non-tasters. They further point out that this means finding good coders requires testing for those skills regardless of PTC status, so what difference does it really make? Meanwhile the general public looks on, notices the speech ban, and decides that if such extreme action must be taken against the Secret Banned Knowledge, that knowledge must be powerful indeed, and true.

Perhaps speech bans worked better in the old days, before the internet enabled outcasts to find each other, but in any case they don't seem to work well now, as we see with racist speech bans in Europe. One can even make the case that this heavy-handed way of trying to solve social problems was one factor (among many) that helped elect Trump president.

So if speech bans aren't the answer, what is? How do we persuade people to step away from incorrect biased views and treat others better? Sadly, there are no easy answers, just difficult work. We can divide the world needing persuading into two groups: (A) those who can be persuaded with rational discussion, and (B) the others. For group A, we use rational discussion. For group B, we need to look at why they are in such desperate need of identity and community that they latch onto false stories of their superiority. For those with the stomach for it, we can try to copy the success of Daryl Davis, the African-American musician who has converted over two dozen white supremacists away from their old beliefs -- by befriending them. This is how hearts and minds are changed, one by one.

An anonymous reader quotes a report from The Associated Press: The Trump administration is planning to collect DNA samples from asylum-seekers and other migrants detained by immigration officials and will add the information to a massive FBI database used by law enforcement hunting for criminals, a Justice Department official said. The Justice Department on Monday issued amended regulations that would mandate DNA collection for almost all migrants who cross between official entry points and are held even temporarily. The official said the rules would not apply to legal permanent residents or anyone entering the U.S. legally, and children under 14 are exempt, but it's unclear whether asylum-seekers who come through official crossings will be exempt. The new policy, which was first reported in October, would allow the government to collect DNA samples from hundreds of thousands of people booked into federal immigration custody each year for entry into a national criminal database. Immigrant and privacy advocates said at the time that the move "raised privacy concerns for an already vulnerable population that could face profiling or discrimination as a result of their personal data being shared among law enforcement authorities."

Trump administration officials say hope the database will lead to more crimes being solved and act as a deterrent to prevent migrants from trying to enter the United States. The new regulations go into effect Tuesday.

Mark Hurd, who was co-chief of Oracle, one of the world's top business-software firms, until he stepped aside last month for health reasons, died Friday. He was 62. From a report: "Oracle has lost a brilliant and beloved leader who personally touched the lives of so many of us during his decade at Oracle," Oracle chairman Larry Ellison wrote. "All of us will miss Mark's keen mind and rare ability to analyze, simplify, and solve problems quickly. Some of us will miss his friendship and mentorship. I will miss his kindness and sense of humor." Hurd announced a leave of absence from Oracle in September due to unspecified health reasons. Oracle stock had gone up about 37% since he and Safra Catz were appointed as CEOs in September 2014.

theodp writes: On Thursday evening, Amazon is hosting a national field trip of sorts, inviting kids and teachers to take part in a Twitch livestream tour inside an Amazon robotics fulfillment center with the goal of inspiring students to learn about robotics and to "illustrate the importance of a computer science education." From the press release: "On the tour, students will see first-hand how teams of associates work alongside robotic technologies to fulfill customer orders. They will see where inventory items are stowed into the system, learn how robots bring storage pods to our associates to pick customer items, and finally, they'll see trucks being loaded with thousands of customer orders." Hey, "program, or be programmed," as they warn kids and parents over at Amazon-bankrolled Code.org!

GitLab, a San-Francisco provider of hosted git software, recently changed its company handbook to declare that it won't ban potential customers on "moral/value grounds," and that employees should not discuss politics at work. The Register reports: The policy addition, created by co-founder and CEO Sid Sijbrandij and implemented as a git pull request, was merged (with no approval required) about two weeks ago. It was proposed to clarify that GitLab is committed to doing business with "customers with values that are incompatible with our own values." Such a declaration could run afoul of legal boundaries in some circumstances. While workers have no constitutional speech protection in the context of their employment, federal labor law requires that employees be allowed to discuss the terms and conditions of their employment and possible unlawful conduct like harassment, discrimination, and safety violations.

But it's perhaps understandable given how, over the past few years, workers in the tech industry have become more vocal in objecting to business deals with entities deemed to be immoral or work that conflicts with declared or presumed values. Sijbrandij amended his company's handbook to state: "We do not discuss politics in the workplace and decisions about what customer to serve might get political." And what reason does Sijbrandij's pull request provide to support this position? It says, "Efficiency is one of our values and vetting customers is time consuming and potentially distracting."

Continuing its embracing of open source, Microsoft has today announced two new open source projects. From a report: The first is Open Application Model (OAM), a new standard for developing and operating applications on Kubernetes and other platforms. The second project is Dapr (Distributed Application Runtime), designed to make it easier to build microservice applications. Microsoft says that both OAM and Dapr "help developers remove barriers when building applications for cloud and edge." Microsoft has worked on OAM with Alibaba, and the aim is to simplify the development and deployment of applications. The company explains that: "OAM is a specification for describing applications so that the application description is separated from the details of how the application is deployed onto and managed by the infrastructure. This separation of concerns is helpful for multiple reasons." The second open source project is Dapr, which Microsoft describes as "an open source, portable, event-driven runtime that makes it easy for developers to build resilient, microservice stateless and stateful applications that run on the cloud and edge."

The npm ecosystem of JavaScript libraries is more interwoven than most developers think, and the entire thing is a gigantic house of cards, being one bad hack away from compromising hundreds of thousands of projects, according to a recent academic study. From a report: The research, carried out by the Department of Computer Science from the Technical University of Darmstadt, in Germany, analyzed the dependency graph of the entire npm ecosystem. Researchers downloaded metadata for all the npm packages published until April 2018 and created a giant graph that included 676,539 nodes and 4,543,473 edges (lines connecting the nodes). In addition, academics also analyzed different versions of the same packages, looking at historical versions (5,386,239 versions for the 676,539 packages), but also at the package maintainers (199,327 npm accounts), and known security flaws impacting the packages (609 public reports). [...]

Their goal was to get an idea of how hacking one or more npm maintainer accounts, or how vulnerabilities in one or more packages, reverberated across the npm ecosystem; along with the critical mass needed to cause security incidents inside tens of thousands of npm projects at a time. [...] But while some npm packages load code from too many packages and from too many developers, there is another dangerous trend forming on the npm package repository -- namely the consolidation of popular npm packages under a few maintainer accounts. "391 highly influential maintainers affect more than 10,000 packages, making them prime targets for attacks," the research team said. "If an attacker manages to compromise the account of any of the 391 most influential maintainers, the community will experience a serious security incident."

Scientists have uncovered a glitch in a piece of code that could have yielded incorrect results in over 100 published studies that cited the original paper. From a report: The glitch caused results of a common chemistry computation to vary depending on the operating system used, causing discrepancies among Mac, Windows, and Linux systems. The researchers published the revelation and a debugged version of the script, which amounts to roughly 1,000 lines of code, last week in the journal Organic Letters. "This simple glitch in the original script calls into question the conclusions of a significant number of papers on a wide range of topics in a way that cannot be easily resolved from published information because the operating system is rarely mentioned," the new paper reads. "Authors who used these scripts should certainly double-check their results and any relevant conclusions using the modified scripts in the [supplementary information]." Yuheng Luo, a graduate student at the University of Hawai'i at Manoa, discovered the glitch this summer when he was verifying the results of research conducted by chemistry professor Philip Williams on cyanobacteria. The aim of the project was to "try to find compounds that are effective against cancer," Williams said.

An anonymous reader writes: TED Conferences has its own educational YouTube channel (now with 10 million subscribers and over 1.5 billion views). Two weeks ago it launched a 10-episode animated series about computer programming, and its first episode -- The Prison Break -- has already been viewed nearly a quarter of a milllion times.

In the 7-minute video, a programmer wakes up in a prison cell -- with total amnesia -- and discovers a "mysterious stranger" squeezing through the jail cell's bars. It's a floating anthropomorphic drone, saying it needs the programmer's help to rescue a dystopian future world "in turmoil. Robots have taken over." The video introduces the computer programming concept of a loop -- since escaping the jail cell involves testing a key in every possible position. And the video's page on the TED-Ed web site offers links to related resources from Code.org and Free Code Camp, as well as from Advent of Code, "which is run by Eric Wastl, who consulted extensively on Think Like a Coder and inspired quite a few of the puzzles."

The episode ends with the programmer dangling from the flying drone, off on an attempt to recover three artifacts -- nodes of memory, power, and creation -- that are currently being used for "nefarious purposes."

Long-time Slashdot reader hondo77 notes that Larry Wall has given his approval to the re-naming of Perl 6.

In the "Path to Raku" pull request, Larry Wall indicated his approval, leaving this comment: I am in favor of this change, because it reflects an ancient wisdom:

"No one sews a patch of unshrunk cloth on an old garment, for the patch will pull away from the garment, making the tear worse. Neither do people pour new wine into old wineskins. If they do, the skins will burst; the wine will run out and the wineskins will be ruined. No, they pour new wine into new wineskins, and both are preserved."
"Perl 6 will become Raku, assuming the four people who haven't yet approved the pull request give their okay," reports the Register, adding that Perl 5 will then become simply Perl.

Dozens of comments on that pull request have now already been marked as "outdated," and while a few contributors have made a point of abstaining from the approval process, reviewer Alex Daniel notes that "this pull request will be merged on October 14th if nobody in the list rejects it or requests more changes."

Over 100 published studies may have incorrect results thanks to a glitchy piece of Python code discovered by researchers at the University of Hawaii.

An anonymous reader quotes Motherboard: The glitch caused results of a common chemistry computation to vary depending on the operating system used, causing discrepancies among Mac, Windows, and Linux systems. The researchers published the revelation and a debugged version of the script, which amounts to roughly 1,000 lines of code, on Tuesday in the journal Organic Letters.

"This simple glitch in the original script calls into question the conclusions of a significant number of papers on a wide range of topics in a way that cannot be easily resolved from published information because the operating system is rarely mentioned," the new paper reads. "Authors who used these scripts should certainly double-check their results and any relevant conclusions using the modified scripts in the [supplementary information]."

Yuheng Luo, a graduate student at the University of Hawaii at Manoa, discovered the glitch this summer when he was verifying the results of research conducted by chemistry professor Philip Williams on cyanobacteria... Under supervision of University of Hawaii at Manoa assistant chemistry professor Rui Sun, Luo used a script written in Python that was published as part of a 2014 paper by Patrick Willoughby, Matthew Jansma, and Thomas Hoye in the journal Nature Protocols . The code computes chemical shift values for NMR, or nuclear magnetic resonance spectroscopy, a common technique used by chemists to determine the molecular make-up of a sample. Luo's results did not match up with the NMR values that Williams' group had previously calculated, and according to Sun, when his students ran the code on their computers, they realized that different operating systems were producing different results.

Sun then adjusted the code to fix the glitch, which had to do with how different operating systems sort files.
The researcher who wrote the flawed script told Motherboard that the new study was "a beautiful example of science working to advance the work we reported in 2014. They did a tremendous service to the community in figuring this out."

Sun described the original authors as "very gracious," saying they encouraged the publication of the findings.

GitHub CEO Nat Friedman explained why the company plans to renew a contract with U.S. Immigration and Customs Enforcement (ICE), even though he and others at GitHub oppose ICE's policy of separating children from parents at the border, Motherboard reported on Wednesday, citing an internal GitHub email. From a report: The email shows the continuing debate within the tech industry about whether companies should work specifically with ICE, and comes as a host of other companies have dealt with employee protests over corporate involvement with ICE. "In August, the GitHub leadership team learned about a pending renewal of our product by the U.S. Immigration & Customs Enforcement (ICE) agency. Since then, we have been talking with people throughout the company, based on our own personal concerns and those raised by Hubbers," Friedman's email reads, referring to GitHub employees. Evan Greer, deputy director at activism group Fight for the Future tweeted a copy of the email on Tuesday. Motherboard also separately obtained a copy of the email from a source inside GitHub. The product up for renewal is a license of GitHub Enterprise Server, an on-premises deployment of GitHub that customers can run on their own server, according to the email. ICE originally bought a license in April, 2016.

An anonymous reader quotes a report from The Wall Street Journal: Some of the Federal Bureau of Investigation's electronic surveillance activities violated the constitutional privacy rights of Americans swept up in a controversial foreign intelligence program (Warning: source paywalled; alternative source), a secretive surveillance court has ruled. The ruling deals a rare rebuke to U.S. spying activities that have generally withstood legal challenge or review. The intelligence community disclosed Tuesday that the Foreign Intelligence Surveillance Court last year found that the FBI's pursuit of data about Americans ensnared in a warrantless internet-surveillance program intended to target foreign suspects may have violated the law authorizing the program, as well as the Constitution's Fourth Amendment protections against unreasonable searches.

The court concluded that the FBI had been improperly searching a database of raw intelligence for information on Americans -- raising concerns about oversight of the program, which as a spy program operates in near total secrecy. The court ruling identifies tens of thousands of improper searches of raw intelligence databases by the bureau in 2017 and 2018 that it deemed improper in part because they involved data related to tens of thousands of emails or telephone numbers -- in one case, suggesting that the FBI was using the intelligence information to vet its personnel and cooperating sources. Federal law requires that the database only be searched by the FBI as part of seeking evidence of a crime or for foreign intelligence information. In other cases, the court ruling reveals improper use of the database by individuals. In one case, an FBI contractor ran a query of an intelligence database -- searching information on himself, other FBI personnel and his relatives, the court revealed. U.S. District Judge James Boasberg said that the Trump administration failed to persuasively argue that the bureau would not be able to properly tackle national security threats if the program was altered to better protect citizen privacy.

Last year, Apple software chief Craig Federighi said developers would be able to easily bring their iPad apps to Mac computers, essentially letting coders write an app once and deploy it across millions more devices. So far, the reality has fallen short for some developers and is even leaving consumers paying twice for apps. From a report: Major app developers and service providers like Netflix are also demurring on taking part, at least at this early stage. Apple rolled out Catalyst, the technology to transition iPad apps into Mac versions, on Monday. It's the initial step toward a bigger goal: By 2021, developers should be able to build an app once and have it work on iPhones, iPads and Mac computers through a single, unified App Store. But the first iteration, which appears to still be quite raw and in a number of ways frustrating to developers, risks upsetting users who may have to pay again when they download the Mac version of an iPad app they've already bought.

"As a user, I don't want to pay again just to have the same app," said longtime Apple developer Steven Troughton-Smith. "As a developer, I don't want my users to have to make that decision." James Thompson has had to work harder than he expected to get his popular PCalc calculator iPad app running well on Mac computers. Getting paid a second time for that extra work makes sense for developers, but consumers may not immediately understand that after Apple made the porting process sound as easy as checking a box, he said. Kevin Reutter, who has brought his Planny app to Mac computers, called the situation "sad."

An anonymous reader quotes a report from ZDNet: At the 2019 Linux Plumbers Conference, I talked to Linus Torvalds and several other of the Linux kernel's top programmers. They universally agreed Microsoft wants to control Linux, but they're not worried about it. That's because Linux, by its very nature and its GPL2 open-source licensing, can't be controlled by any single third-party. Torvalds said: "The whole anti-Microsoft thing was sometimes funny as a joke, but not really. Today, they're actually much friendlier. I talk to Microsoft engineers at various conferences, and I feel like, yes, they have changed, and the engineers are happy. And they're like really happy working on Linux. So I completely dismissed all the anti-Microsoft stuff."

But that doesn't mean the Microsoft leopard can't change its spots. Sure, he hears, "This is the old Microsoft, and they're just biding their time." But, Torvalds said, "I don't think that's true. I mean, there will be tension. But that's true with any company that comes into Linux; they have their own objectives. And they want to do things their way because they have a reason for it." So, with Linux, "Microsoft tends to be mainly about Azure and doing all the stuff to make Linux work well for them," he explained. Torvalds emphasized this is normal: "I mean, that's just being part of the community." James Bottomley, an IBM Research Distinguished Engineer and top Linux kernel developer, sees Microsoft as going through the same process as all other corporate Linux supporters: "This is a thread that runs through Linux. You can't work on the kernel to your own proprietary advantage. A lot of companies, as they came in with the proprietary business model, assumed they could. They have to be persuaded that, if you want something in Linux, that will assist your business -- absolutely fine. But it has to go through an open development process. And if someone else finds it useful, you end up cooperating or collaborating with them to produce this feature." That means, to get things done, even Microsoft is "eventually forced to collaborate with others."

Bottomley concluded: "So it doesn't matter if Microsoft has a competing agenda to Red Hat or IBM or anybody else. Developers are still expected to work together in the Linux kernel with a transparent agenda."

The Transaction Processing Performance Council is a many-decades-old nonprofit that defines transaction processing and database benchmarks and shares its performance results with the industry.

Long-time Slashdot reader hackingbear says they've just released some surprising news: The TPC organization reported on October 5 that OceanBase, an open-source relational database from Ant Financial, a business unit of Chinese e-commerce giant Alibaba Group, has topped the TPC-C benchmark, more than doubling the score achieved by Oracle Corp. which had held the world record for the past 9 years.

OceanBase v2.2 Enterprise Edition with Partitioning scored at 60,880,800, while Oracle Database 11g R2 Enterprise Edition w/RAC and Partitioning achieved 30,249,688.

TPC Benchmark C is industrial standard OLTP benchmark, measuring on-line transactions per minute (tpmC).

Dave Knott writes: A Montreal legal firm has requested authorization to launch a class-action lawsuit against Epic Games, makers of the widely-popular video game Fortnite. The legal notice, filed on behalf of two minors, likens the effect of the game to cocaine, saying it releases the chemical dopamine to the brain of vulnerable young people who can become dependent on playing. Much of the suit is based on a 2015 Quebec Superior Court ruling that determined tobacco companies didn't warn their customers about the dangers of smoking. Jean-Philippe Caron, a lawyer at Calex, said the firm was contacted by several parents whose kids had become addicted to the game.

Last year, the World Health Organization classified addiction to video games as a disease. It defined the disorder as "a pattern of gaming behavior characterized by impaired control over gaming, increased priority given to gaming over other activities to the extent that gaming takes precedence over other interests and daily activities, and continuation or escalation of gaming despite the occurrence of negative consequences." According to Caron, Fortnite was designed by psychologists to make it more addictive. "They knew that their game was very attractive, yet they did not divulge the risks to the population. It's a little like tobacco."