Python's End-of-Life date is 129 days away, warns the UK National Cyber Security Centre (NCSC). "There will be no more bug fixes, or security updates, from Python's core developers."

An anonymous reader quotes ZDNet: The UK's cyber-security agency warned developers Thursday to consider moving Python 2.x codebases to the newer 3.x branch due to the looming end-of-life of Python 2, scheduled for January 1, 2020... "If you continue to use unsupported modules, you are risking the security of your organisation and data, as vulnerabilities will sooner or later appear which nobody is fixing."

"If you maintain a library that other developers depend on, you may be preventing them from updating to 3," the agency added. "By holding other developers back, you are indirectly and likely unintentionally increasing the security risks of others... If migrating your code base to Python 3 is not possible, another option is to pay a commercial company to support Python 2 for you," the NCSC said.

The agency warns that companies who don't invest in migrating their Python 2.x code might end up in the same position as Equifax or the WannaCry victims. "At the NCSC we are always stressing the importance of patching. It's not always easy, but patching is one of the most fundamental things you can do to secure your technology," the agency said. "The WannaCry ransomware provides a classic example of what can happen if you run unsupported software," it said. "By making the decision to continue using Python 2 past its end of life, you are accepting all the risks that come with using unsupported software, while knowing that a secure version is available."

An anonymous reader quotes a report from TechCrunch: Three years after closing a $9.3 billion deal to acquire NetSuite, several Oracle board members have written an extraordinary letter to the Delaware Court, approving a shareholder lawsuit against company executives Larry Ellison and Safra Catz over the 2016 deal. Reuters broke this story. According to Reuters' Alison Frankel, three board members, including former U.S. Defense Secretary Leon Panetta, sent a letter on August 15th to Sam Glasscock III, vice chancellor for the Court of the Chancery in Georgetown, Delaware, approving the suit as members of a special board of directors entity known as the Special Litigation Committee.

The lawsuit is what is called in legal parlance a derivative suit. According to the site Justia, this type of suit is filed in cases like this. "Since shareholders are generally allowed to file a lawsuit in the event that a corporation has refused to file one on its own behalf, many derivative suits are brought against a particular officer or director of the corporation for breach of contract or breach of fiduciary duty," the Justia site explained. The letter went on to say there was an attempt to settle this suit, which was originally launched in 2017, through negotiation outside of court, but when that attempt failed, the directors wrote this letter to the court stating that the suit should be allowed to proceed. As Frankel wrote in her article, the lawsuit, which was originally filed by the Firemen's Retirement System of St. Louis, could be worth billions. The report notes that Oracle was struggling to find its cloud footing in 2016, so it's "believed that by buying an established SaaS player like NetSuite, it could begin to build out its cloud business much faster than trying to develop something like it internally."

The Oracle letter can be found here.

An anonymous reader shares a report: Eyre (an anecdote in the story) is one of more than 1,000 young women college-aged or older, hailing from 300 schools around the country, who participated in a recent survey [PDF] about the challenges female engineers face while applying for technical internships. The study was conducted last fall by Girls Who Code, a nonprofit organization that educates and supports girls studying computer science, which has 30,000 college-aged alumnae and 17,000 alumnae potentially entering college this fall. The analysis was limited to young women in the Girls Who Code network who are studying or previously studied computer science and related fields.

The results reveal that many young women, whom the tech industry is counting on to diversify its heavily male workforce, are put off by their first encounters with tech companies. More than half of the respondents said they either had a negative experience while applying for engineering internships or knew another woman who had a negative experience, such as being subjected to gender-biased interview questions and inappropriate remarks, or observing a noticeable lack of diversity when they interacted with company representatives during the interview process. Although the survey did not explicitly ask about sexual harassment and discrimination, respondents raised both issues in written responses at the end of the survey. They described instances where a male interviewer flirted with them during the interview, sent an unsolicited photo of himself, asked if they had a significant other, or made sexual remarks in their presence. The respondents also reported feeling dismissed or demeaned because of their gender. One respondent was asked why she would want to go into tech as a woman; in another instance, a male interviewer laughed when the candidate said she saw herself becoming a software engineer in five years.

Google today launched Android Studio 3.5, the latest version of its integrated development environment (IDE), with a specific focus on "product quality." From a report: This release is the last one under Project Marble, a fancy name for an initiative Google announced late last year to improve Android Studio. For eight months, the team focused "on making the fundamental features and flows of Android Studio & Emulator rock-solid." All the improvements were either to system health, feature polish, or bug fixes. To improve system health, Google created a new set of infrastructure and internal dashboards to better detect performance problems. The team ultimately fixed over 600 bugs, 50 memory leaks, and 20 IDE hangs, and improved XML & Kotlin typing latency. For the Android Emulator, the team decreased the CPU and memory impact. The team also took a look at app deployment flow to a device, replacing Instant Run with Apply Changes. The new system no longer modifies an APK during your build. Instead, it uses runtime instrumentation to redefine classes on the fly.

Bitbucket, once one of the largest Mercurial repository hosting sites, said Tuesday it plans to remove Mercurial features and repositories from its platform on June 1, 2020. In a blog post, Bitbucket wrote: As we surpass 10 million registered users on the platform, we're at a point in our growth where we are conducting a deeper evaluation of the market and how we can best support our users going forward. After much consideration, we've decided to remove Mercurial support from Bitbucket Cloud and its API. Bitbucket will stop letting users create new Mercurial repositories starting February 1, 2020, and start removing all the Mercurial repositories four months later. So you will want to backup your repositories and switch to a different platform in the coming months. A different user pointed out, "Another shitty aspect of bitbucket dropping mercurial support and deleting all the old repositories in 2020: all yt pull request discussions from before 2017 are going to be deleted. There's valuable context for how the code got written in those discussions." Several users have expressed their concerns over this decision. Sebastien Jodogne, CSO at Osimis, said, "This is an extremely concerning decision that endangers diversity in the computer science industry by pushing the de facto hegemony of git."

For those of you affected by this, you can consider a number of platforms including SourceForge to host and manage your repositories.

A group of app developers have penned a letter to Apple CEO Tim Cook, arguing that certain privacy-focused changes to Apple's iOS 13 operating system will hurt their business. From a report: In a report by The Information, the developers were said to have accused Apple of anti-competitive behavior when it comes to how apps can access user location data. With iOS 13, Apple aims to curtail apps' abuse of its location-tracking features as part of its larger privacy focus as a company. Today, many apps ask users upon first launch to give their app the "Always Allow" location-tracking permission. Users can confirm this with a tap, unwittingly giving apps far more access to their location data than is actually necessary, in many cases. In iOS 13, however, Apple has tweaked the way apps can request location data. There will now be a new option upon launch presented to users, "Allow Once," which allows users to first explore the app to see if it fits their needs before granting the app developer the ability to continually access location data. This option will be presented alongside existing options, "Allow While Using App" and "Don't Allow." The "Always" option is still available, but users will have to head to iOS Settings to manually enable it. The app developers argue that this change may confuse less technical users, who will assume the app isn't functioning properly unless they figure out how to change their iOS Settings to ensure the app has the proper permissions.

"Earlier this year I gave a talk at FullStack conference in London about making iFrames cool again," writes a lead engineer at PayPal. In a nutshell: iframes let you build user experiences into embeddable 'cross-domain components', which let users interact with other sites without being redirected. There are a metric ton of awesome uses for that other than tracking and advertizing. Nothing else comes close for this purpose; and as a result, I feel we're not using iframes to their full potential.

There are big problems, though... My talk went into how at PayPal, we built Zoid to solve some of the major problems with iframes and popups:

- Pre-render to avoid the perception of slow rendering

- Automatically resize frames to fit child content

- Automatically resize frames to fit child content

- Pass down any kind of data and functions/callbacks as props (just like React), and avoid the nightmare of cross-domain messaging between windows.

- Make iframes and popups feel like first class (cross-domain) components.

Zoid goes a long way. But there are certain problems a mere javascript library can not solve. This is my bucket list for browser vendors, to make iframes more of a first class citizen on the web... Because fundamentally: the idea of cross-domain embeddable components is actually pretty useful once you start talking about shareable user experiences, rather than just user-tracking and advertizing which are obviously pills nobody enjoys swallowing.
He acknowledges that he "really likes" the work that's been done on Google Chrome's Portals (which he earlier described as "like iframes, but better, and worse.")

"I just hope iframes don't get left behind."

Stack Overflow shares a new tool from a team of researchers that "takes the description of a programming task as a query and then provides relevant, comprehensive programming solutions containing both code snippets and their succinct explanations" -- the Crowd Knowledge Answer Generator (or CROKAGE): In order to reduce the gap between the queries and solutions, the team trained a word-embedding model with FastText, using millions of Q&A threads from Stack Overflow as the training corpus. CROKAGE also expanded the natural language query (task description) to include unique open source software library and function terms, carefully mined from Stack Overflow.

The team of researchers combined four weighted factors to rank the candidate answers... In particular, they collected the programming functions that potentially implement the target programming task (the query), and then promoted the candidate answers containing such functions. They hypothesized that an answer containing a code snippet that uses the relevant functions and is complemented with a succinct explanation is a strong candidate for a solution. To ensure that the written explanation was succinct and valuable, the team made use of natural language processing on the answers, ranking them most relevant by the four weighted factors. They selected programming solutions containing both code snippets and code explanations, unlike earlier studies. The team also discarded trivial sentences from the explanations...

The team analyzed the results of 48 programming queries processed by CROKAGE. The results outperformed six baselines, including the state-of-art research tool, BIKER. Furthermore, the team surveyed 29 developers across 24 coding queries. Their responses confirm that CROKAGE produces better results than that of the state-of-art tool in terms of relevance of the suggested code examples, benefit of the code explanations, and the overall solution quality (code + explanation).
The tool is still being refined, but it's "experimentally available" -- although "It's limited to Java queries for now, but the creators hope to have an expanded version open to the public soon."

It will probably be more useful than Stack Roboflow, a site that uses a neural network to synthesize fake Stack Overflow questions.

There can be more than one correct answer for academic tests of programming ability, writes long-time Slashdot reader theodp: Take the first of the Free-Response Questions in this year's AP CS A exam, which asked 70,000 college-bound students to "Write the static method numberOfLeapYears, which returns the number of leap years between year1 and year2." The correct answer, according to the CollegeBoard's 2019 Scoring Guidelines, entails iterating over the range of years and invoking a provided helper method called isLeapYear for each year.

Which does work, of course, but what if a student instead took an Excel-like approach to the same problem that consists of a (hopefully correct!) single formula with no iteration or isLeapYear helper function? Would that be a worse — or better -- example of computational thinking than the endorsed AP CS A Java-based solution? (Here's a 7-minute AP Conference discussion of how to correctly grade this problem)?

So, how have you seen schools and companies deal with unexpected-but-correct approaches to coding test questions?

Last November, YouTube announced that it would be removing the paywall for its original programming starting in 2019. Now, we have more details on exactly how and when this will work. Android Central reports: Per a statement sent out by the YouTube team: "New YouTube Originals series, movies, and live events released after September 24, 2019 will be made available to non-members to watch for free, with ads. For series, members will get immediate access to every episode of a new season, while non-members will have to wait for each new episode to be released."

It appears that YouTube Originals content released prior to that September 24 date will remain exclusive to Premium subscribers, but going forward, it'll be fair game for everyone. While that does slightly water-down the perks of being a YouTube Premium subscriber, it's also noted that paying customers will gain access to additional footage that won't be available for free users: "In most cases, where available, Director's cuts and bonus footage for YouTube Originals movies and live events will be exclusive to members like you, as well."

Freshly Exhumed shares a report from The Guardian: Automatic license plate readers, which use networked surveillance cameras and simple image recognition to track the movements of cars around a city, may have met their match, in the form of a T-shirt. Or a dress. Or a hoodie. The anti-surveillance garments were revealed at the DefCon cybersecurity conference in Las Vegas on Saturday by the hacker and fashion designer Kate Rose, who presented the inaugural collection of her Adversarial Fashion line.

To human eyes, Rose's fourth amendment T-shirt contains the words of the fourth amendment to the U.S. constitution in bold yellow letters. The amendment, which protects Americans from "unreasonable searches and seizures," has been an important defense against many forms of government surveillance: in 2012, for instance, the U.S. supreme court ruled that it prevented police departments from hiding GPS trackers on cars without a warrant. But to an automatic license plate reader (ALPR) system, the shirt is a collection of license plates, and they will get added to the license plate reader's database just like any others it sees. The intention is to make deploying that sort of surveillance less effective, more expensive, and harder to use without human oversight, in order to slow down the transition to what Rose calls "visual personally identifying data collection." "It's a highly invasive mass surveillance system that invades every part of our lives, collecting thousands of plates a minute. But if it's able to be fooled by fabric, then maybe we shouldn't have a system that hangs things of great importance on it," she said.

Researchers said they have found a publicly accessible database containing almost 28 million records -- including plain-text passwords, face photos, and personal information -- that was used to secure buildings around the world. Ars Technica reports: Researchers from vpnMentor reported on Wednesday that the database was used by the Web-based Biostar 2 security system sold by South Korea-based Suprema. Biostar uses facial recognition and fingerprint scans to identify people authorized to enter warehouses, municipal buildings, businesses, and banks. vpnMentor said the system has more than 1.5 million installations in a wide range of countries including the U.S., the UK, Indonesia, India, and Sri Lanka. According to vpnMentor, the 23-gigabyte database contained more than 27.8 million records used by Biostar to secure customer facilities. The data included usernames, passwords and user IDs in plaintext, building access logs, employee records including start dates, personal details, mobile device data, and face images. The researchers said the data also included more than 1 million records containing actual fingerprint scans, but the report provided no data to support the claim.

"The vpnMentor researchers said they discovered the exposed database on August 5 and privately reported the finding two days later," reports Ars Technica. "The data wasn't secured until Tuesday, six days later."

Eyal Guthmann, a software engineer at cloud storage service Dropbox, writes: Until very recently, Dropbox had a technical strategy on mobile of sharing code between iOS and Android via C++. The idea behind this strategy was simple -- write the code once in C++ instead of twice in Java and Objective C. We adopted this C++ strategy back in 2013, when our mobile engineering team was relatively small and needed to support a fast growing mobile roadmap. We needed to find a way to leverage this small team to quickly ship lots of code on both Android and iOS. We have now completely backed off from this strategy in favor of using each platforms' native languages (primarily Swift and Kotlin, which didn't exist when we started out). This decision was due to the (not so) hidden cost associated with code sharing.

Here are some of the things we learned as a company on what it costs to effectively share code. And they all stem from the same basic issue: By writing code in a non-standard fashion, we took on overhead that we would have not had to worry about had we stayed with the widely used platform defaults. This overhead ended up being more expensive than just writing the code twice.

This week from 63-year-old Python creator Guido van Rossum shared some interesting stories with ZDNet's senior reporter Nick Heath: While sharing software with the world today only takes a few clicks, in the 1980s it was an altogether more laborious affair, with van Rossum recalling the difficulties of trying to distribute Python precursor ABC. "I remember around '85, going on a vacation trip to the US, my first ever visit to the US, with a magnetic tape in my luggage," says van Rossum. Armed with addresses and phone numbers of people who had signalled an interest in ABC via the rudimentary email system available at the time -- which wasn't suited to handling anything as large as source code -- he travelled door-to-door posting the tapes. Despite this effort, ABC didn't really take off. "So, no wonder we didn't get very far with the distribution of ABC, despite all its wonderful properties," he says.

But as the internet revolution gathered steam, it would be much easier to distribute Python without a suitcase full of tapes. Van Rossum released Python to the world via the alt.sources newsgroup in 1991, under what was pretty much an open-source licence, six years before the term was first coined. While Python interpreter still had to be joined together into a compressed file from 21 separate parts and downloaded overnight on the Usenet network, it was still a vastly more efficient delivery mechanism than the hand deliveries of a few years earlier.
Guido also shared some new comments on why he stepped down as Python's Benevolent Dictator for Life: "I was very disappointed in how the people who disagreed technically went to social media and started ranting that the decision process was broken, or that I was making a grave mistake. I felt attacked behind my back," he says. "In the past, it had always been clear that if there were a decision to be made about a change in the language or an improved feature, a whole bunch of core developers would discuss the pros and cons of the thing. Either a clear consensus would appear or, if it was not so clear, I would mull it over in my head and decide one way or another. With PEP572, even though it was clearly controversial, I chose 'Yes, I want to do this', and people didn't agree to disagree.

"It wasn't exactly a revolt, but I felt that I didn't have the trust of enough of the core developer community to keep going."

He thinks the change in how disputes about the language play out is partly a result of how many people use Python today. "It's probably also the fact that the Python community is so much larger. It's harder to reach any form of consensus, of course, because there's always fringe dissidents, no matter which way you decide." Earlier this year, Python core developers -- those who work on maintaining and updating Python's reference CPython interpreter -- elected a steering council to oversee the future of the language. Van Rossum was elected, alongside Warsaw and fellow core developers Brett Cannon, Carol Willing, and Nick Coghlan.

An anonymous reader writes: "The voter information of more than 14.3 million Chileans, which accounts to nearly 80% of the country's entire population, was left exposed and leaking on the internet inside an Elasticsearch database," reports ZDNet. "The database contained names, home addresses, gender, age, and tax ID numbers (RUT, or Rol Único Tributario) for 14,308,151 individuals...including many high-profile Chilean officials."

A spokesperson for the Chile Electoral Service said the data appears to have been scraped without authorization from its website, from a section that allows users to update their voting data. Chile now joins countries as the US, Mexico, Turkey, and the Philippines, whose voter information was gathered in bulk and then published online in one big pile, easy to access for any crooks.

Long-time Slashdot reader mejustme shared this report from Hackaday: If you have an opinion about C++, chances are you either love it for its extensiveness and versatility, or you hate it for its bloated complexity and would rather stick to alternative languages on both sides of the spectrum. Either way, here's your chance to form a new opinion about the language. The C++ standard committee has recently gathered to work on finalizing the language standard's newest revision, C++20, deciding on all the new features that will come to C++'s next major release.

After C++17, this will be the sixth revision of the C++ standard, and the language has come a long way from its "being a superset of C" times. Frankly, when it comes to loving or hating the language, I haven't fully made up my own mind about it yet. My biggest issue with it is that "programming in C++" can just mean so many different things nowadays, from a trivial "C with classes" style to writing code that will make Perl look like prose. C++ has become such a feature-rich and downright overwhelming language over all these years, and with all the additions coming with C++20, things won't get easier. Although, they also won't get harder. Well, at least not necessarily. I guess? Well, it's complex, but that's simply the nature of the language...

From better type checking and compiler errors messages to Python-like string handling and plans to replace the #include system, there's a lot at play here!
The article mentions coroutines, the spaceship operator for three-way comparisons, and "a bunch of additions to lambda expressions," as well as a new keyword constinit and removing limitations on the usage of constexpr.

And in addition, "ranges are the new iterators" and concepts "have graduated from being an experimental feature to a full-fledged part of the language standard, allowing the addition of semantic constraints to templates, and ultimately making generic programming a hint more specific."

"The New York Police Department (NYPD) has been loading thousands of arrest photos of children and teenagers into a facial recognition database despite evidence the technology has a higher risk of false matches in younger faces," reports The New York Times. Some of the children included in the database are as young as 11, but most are teenagers between 13 and 16 years old. From the report: Elected officials and civil rights groups said the disclosure that the city was deploying a powerful surveillance tool on adolescents -- whose privacy seems sacrosanct and whose status is protected in the criminal justice system -- was a striking example of the Police Department's ability to adopt advancing technology with little public scrutiny. Several members of the City Council as well as a range of civil liberties groups said they were unaware of the policy until they were contacted by The New York Times.

Police Department officials defended the decision, saying it was just the latest evolution of a longstanding policing technique: using arrest photos to identify suspects. The New York Police Department can take arrest photos of minors as young as 11 who are charged with a felony, depending on the severity of the charge. And in many cases, the department keeps the photos for years, making facial recognition comparisons to what may have effectively become outdated images. There are photos of 5,500 individuals in the juvenile database, 4,100 of whom are no longer 16 or under, the department said. Teenagers 17 and older are considered adults in the criminal justice system. Civil rights advocates say that including their photos in a facial recognition database runs the risk that an imperfect algorithm identifies them as possible suspects in later crimes. A mistaken match could lead investigators to focus on the wrong person from the outset, they said.

An anonymous reader shares a report: Not all programming languages endure forever. In fact, even the most popular ones inevitably crumble away, as new generations of developers embrace other languages and frameworks they find easier to work with. In order to determine which programming languages are likely doomed in the medium- to long-term, we looked at the popularity rankings by TIOBE and RedMonk, as well as Dice's own database of job postings. If your career is based on any of the following languages, we suggest diversifying your skill-set at some point: Ruby, Haskell, Objective-C, R, and Perl.

Craig Mod: I love fast software. That is, software speedy both in function and interface. Software with minimal to no lag between wanting to activate or manipulate something and the thing happening. Lightness. Software that's speedy usually means it's focused. Like a good tool, it often means that it's simple, but that's not necessarily true. Speed in software is probably the most valuable, least valued asset. To me, speedy software is the difference between an application smoothly integrating into your life, and one called upon with great reluctance. Fastness in software is like great margins in a book -- makes you smile without necessarily knowing why. [...]

Speed and reliability are often intuited hand-in-hand. Speed can be a good proxy for general engineering quality. If an application slows down on simple tasks, then it can mean the engineers aren't obsessive detail sticklers. Not always, but it can mean disastrous other issues lurk. I want all my craftspeople to stickle. I don't think Ulysses (a popular text editing application) is badly made, but I am less confident in it than if it handled input and interface speed with more grace. Speed would make me trust it more.

An anonymous reader shares a report: The impact of U.S. trade restrictions is trickling down to the developer community. GitHub, the world's largest host of source code, is preventing users in Iran, Syria, Crimea and potentially other sanctioned nations from accessing portions of the service, chief executive of the Microsoft-owned firm said. Over the weekend, GitHub CEO Nat Friedman wrote on Twitter that like any other "company that does business in the US," GitHub is required to comply with the U.S. export law. The confirmation comes months after work collaboration service Slack, too, enforced similar restrictions on its platform.,