Software

Apple Announces Special App-Focused Event For December 2nd (9to5mac.com) 5

Apple is holding a special event on December 2nd to highlight its favorite apps and games of 2019. The live event will take place in New York City. 9to5Mac reports: Invites went out this afternoon for the surprise event that will be held in just two weeks. Curiously, it appears the event will just be to highlight Apple's top app and game picks from 2019. In the event invitation, Apple leads with the tagline "Loved by millions. Created by the best." While Apple normally livestreams its events, it's also not known whether this app event will be broadcast live. Apple's Special Events landing page doesn't include any information on the December event.
Google

Supreme Court Will Hear Long-Running Google and Oracle Copyright Lawsuit (cnbc.com) 60

An anonymous reader quotes a report from CNBC: The Supreme Court said on Friday that it will hear a dispute between tech giants Oracle and Google in a blockbuster case that could lead to billions of dollars in fines and shape copyright law in the internet era. The case concerns 11,500 lines of code that Google was accused of copying from Oracle's Java programming language. Google deployed the code in Android, now the most popular mobile operating system in the world. Oracle sued Google in 2010 alleging that the use of its code in Android violated copyright law.

Google won two victories in the lower courts but ultimately lost on appeal before the U.S. Court of Appeals for the Federal Circuit, which ruled last year for Oracle. Oracle has previously said it is entitled to $9 billion in damages, though no official penalty has been set. Java was developed by Sun Microsystems, which Oracle purchased in a deal valued at $7.4 billion that was completed in 2010. Underlying the legal issues in the case is a technical dispute over the nature of the code that Google used. Google has said that the code was essentially functional -- akin to copying the placement of keys on a QWERTY keyboard. Oracle maintains that the code, part of Java's application programming interface, or API, is a creative product, "like the chapter headings and topic sentences of an elaborate literary work." A number of high-profile tech firms urged the top court to take the case in order to side with Google.

Businesses

GitHub Faces More Resignations In Light of ICE Contract (techcrunch.com) 226

TechCrunch reports that another employee, engineer Alice Goldfuss, has resigned from GitHub over the company's $200,000 contract with Immigration and Customs Enforcement (ICE). From the report: In a tweet, Goldfuss said GitHub has a number of problems to address and that "ICE is only the latest." Meanwhile, Vice reports at least five staffers quit today. These resignations come the same day as GitHub Universe, the company's big product conference. Ahead of the conference, Tech Workers Coalition protested the event, setting up a cage to represent where ICE detains children.

Last month, GitHub staff engineer Sophie Haskins resigned, stating she was leaving because the company did not cancel its contract with ICE, The Los Angeles Times reported. Last month, GitHub employees penned an open letter urging the company to stop working with ICE. That came following GitHub's announcement of a $500,000 donation to nonprofit organizations in support of "immigrant communities targeted by the current administration." In that announcement, GitHub CEO Nat Friedman said ICE's purchase was made through one of GitHub's reseller partners and said the deal is not "financially material" for the company. Friedman also pointed out that ICE is responsible for more than immigration and detention facilities.

Privacy

The NYPD Kept an Illegal Database of Juvenile Fingerprints For Years (theintercept.com) 63

An anonymous reader quotes a report from The Intercept: For years, the New York Police Department illegally maintained a database containing the fingerprints of thousands of children charged as juvenile delinquents -- in direct violation of state law mandating that police destroy these records after turning them over to the state's Division of Criminal Justice Services. When lawyers representing some of those youths discovered the violation, the police department dragged its feet, at first denying but eventually admitting that it was retaining prints it was supposed to have destroyed. Since 2015, attorneys with the Legal Aid Society, which represents the majority of youths charged in New York City family courts, had been locked in a battle with the police department over retention of the fingerprint records of children under the age of 16. The NYPD did not answer questions from The Intercept about its handling of the records, but according to Legal Aid, the police department confirmed to the organization last week that the database had been destroyed. To date, the department has made no public admission of wrongdoing, nor has it notified the thousands of people it impacted, although it has changed its fingerprint retention practices following Legal Aid's probing. "The NYPD can confirm that the department destroys juvenile delinquent fingerprints after the prints have been transmitted to DCJS," a police spokesperson wrote in a statement to The Intercept.

Still, the way the department handled the process -- resisting transparency and stalling even after being threatened with legal action -- raises concerns about how police handle a growing number of databases of personal information, including DNA and data obtained through facial recognition technology. As The Intercept has reported extensively, the NYPD also maintains a secretive and controversial "gang database," which labels thousands of unsuspecting New Yorkers -- almost all black or Latino youth -- as "gang members" based on a set of broad and arbitrary criteria. The fact that police were able to violate the law around juvenile fingerprints for years without consequence underscores the need for greater transparency and accountability, which critics say can only come from independent oversight of the department.
It's unclear how long the NYPD was illegally retaining these fingerprints, but the report says the state has been using the Automated Fingerprint Identification System since 1989, "and laws protecting juvenile delinquent records have been in place since at least 1977." Legal Aid lawyers estimate that tens of thousands of juveniles could have had their fingerprints illegally retained by police.
Open Source

GitHub Places Open-Source Code In Arctic Cave For Safekeeping (bloomberg.com) 50

pacopico writes: GitHub's CEO Nat Friedman traveled to Svalbard in October to stash Linux, Android, and 6,000 other open-source projects in a permafrost-filled, abandoned coal mine. It's part of a project to safeguard the world's software from existential threats and also just to archive the code for posterity. As Friedman says, "If you told someone 20 years ago that in 2020, all of human civilization will depend on and run on open-source code written for free by volunteers in countries all around the world who don't know each other, and it'll just be downloaded and put into almost every product, I think people would say, 'That's crazy, that's never going to happen. Software is written by big, professional companies.' It's sort of a magical moment. Having a historical record of this will, I think, be valuable to future generations." GitHub plans to open several more vaults in other places around the world and to store any code that people want included.
Databases

Unusual New 'PureLocker' Ransomware Is Going After Servers (zdnet.com) 22

Researchers at Intezer and IBM X-Force have detected an unconventional form of ransomware that's being deployed in targeted attacks against enterprise servers. They're calling it PureLocker because it's written in the PureBasic programming language. ZDNet reports: It's unusual for ransomware to be written in PureBasic, but it provides benefits to attackers because sometimes security vendors struggle to generate reliable detection signatures for malicious software written in this language. PureBasic is also transferable between Windows, Linux, and OS-X, meaning attackers can more easily target different platforms. "Targeting servers means the attackers are trying to hit their victims where it really hurts, especially databases which store the most critical information of the organization," Michael Kajiloti, security researcher at Intezer told ZDNet.

There are currently no figures on the number of PureLocker victims, but Intezer and IBM X-Force have confirmed the ransomware campaign is active with the ransomware being offered to attackers 'as-a-service.' However, it's also believed that rather than being offered to anyone who wants it, the service is offered as a bespoke tool, only available to cyber criminal operations which can afford to pay a significant sum in the first place. The source code of PureLocker ransomware offers clues to its exclusive nature, as it contains strings from the 'more_eggs' backdoor malware. This malware is sold on the dark web by what researchers describe as a 'veteran' provider of malicious services. These tools have been used by some of the most prolific cyber criminal groups operating today, including Cobalt Gang and FIN6 -- and the ransomware shares code with previous campaigns by these hacking gangs. It indicates that PureLocker is designed for criminals who know what they're doing and know how to hit a large organization where it hurts.

Programming

Python Finally Overtakes Java on GitHub (zdnet.com) 61

"The hit programming language Python has climbed over once-dominant Java to become the second most popular language on Microsoft-owned open-source code-sharing site GitHub," reports ZDNet: Python now outranks Java based on the number of repository contributors, and by that metric Python is now second only to JavaScript, which has been in top spot since 2014, according to GitHub's 'State of the Octoverse' report for 2019...

Another interesting aspect of GitHub's report is its ranking of fastest-growing languages. Google's Dart programming language and Flutter, for building UIs for iOS and Android apps, are getting major traction with developers on GitHub. Dart was the fastest-growing language between 2018 and 2019, with usage up a massive 532%. It was followed by the Mozilla-developed Rust, which grew a respectable 235%. Microsoft is experimenting with Rust in its Windows code base because it was designed to address memory-related security bugs -- the dominant flaw-type in Microsoft software over the past decade.

Last year Kotlin, the Google-endorsed programming language for Android app development, was the fastest-growing language on GitHub. It's not a top-10 language yet, but it still grew 182% over the year. Microsoft-backed TypeScript, its superset of JavaScript, is also growing fast, up 161% over the past year as more developers use it to grapple with large-scale JavaScript apps.

Other languages making up the top 10 fastest-growing category are HCL, PowerShell, Apex, Python, Assembly, and Go.

Businesses

GitLab Director Resigns, Says It's Engaging In 'Retaliatory Behavior' (businessinsider.com) 44

Candice Ciresi, GitLab's director of risk and global compliance, has resigned after less than six months on the job, apparently saying that the $2.75 billion startup is "engaging in discriminatory and retaliatory behavior." Business Insider reports: Notably, Ciresi resigned in public: GitLab espouses a culture of transparency, whereby all major product and corporate policy decisions are announced and discussed where anybody can see. She posted her resignation in response to one such discussion -- an active debate over a proposed GitLab policy, in which it would ban the hiring of people who live in China or Russia for any role that would require access to customer data. At the time of writing, Ciresi's post announcing her resignation had been reviewed and then "redacted" by GitLab, citing concerns that it would "further inflame this situation." However, Ciresi's comment went out via email to GitLab users who had subscribed to this particular discussion.

Per a screenshot posted to Reddit, Ciresi wrote: "As I believe GitLab is engaging in discriminatory and retaliatory behavior, I have tendered my resignation." "We did decide to moderate this post for review, as there have already been credible personal and physical threats against GitLab employees in this issue thread," GitLab says, in part, in place of Ciresi's comment. "While this particular post did not contain a personal threat to anyone, we were concerned it would further inflame this situation."
GitLab confirmed Ciresi's departure but didn't comment any further.
Programming

Microsoft's Rust Experiments Are Going Well, But Some Features Are Missing (zdnet.com) 33

Microsoft gave a status update today on its experiments on using the Rust programming language instead of C and C++ to write Windows components. From a report: Microsoft began experimenting with Rust over the summer. The Redmond-based software giant said it was interested in Rust because, over the past decade, more than 70% of the security patches it shipped out fixed memory-related bugs, an issue that Rust was created to address.

[...] Today, almost four months later, we got the first feedback. "I've been tasked with an experimental rewrite of a low-level system component of the Windows codebase (sorry, we can't say which one yet)," said Adam Burch, Software Engineer at the Microsoft Hyper-V team, in a blog post today. "Though the project is not yet finished, I can say that my experience with Rust has been generally positive," Burch added. "In general, new components or existing components with clean interfaces will be the easiest to port to Rust," the Microsoft engineer said. However, not all things went smoothly. It would have been unrealistic if we expected they would. Burch cited the lack of safe transmutation, safe support for C style unions, fallible allocation, and a lack of support for at-scale unit testing, needed for Microsoft's sprawling code-testing infrastructure.

Databases

Mysterious Hacker Dumps Database of Infamous IronMarch Neo-Nazi Forum (zdnet.com) 186

Freshly Exhumed shares a report from ZDNet: A mysterious hacker has published today a database dump of one of the internet's most infamous neo-nazi meeting places -- the IronMarch forum. The data published today includes a full copy of its content, including sensitive details such as emails, IP addresses, usernames, and private messages. The database dump is currently being analyzed by a multitude of entities, including law enforcement, in the hopes of linking forum members to accounts on other sites and potentially exposing their real-world identities. The drive to unmask forum members comes from the fact that IronMarch, while a little-known site to most internet users, has been the birthplace of two of today's most extreme far-right neo-nazi movements -- the Atomwaffen Division and SIEGE Culture -- with the first being accused of orchestrating at least eight murders around the world. The forum's data was published earlier today via the Internet Archive portal.

"The published information includes a carbon copy of the site, from user details to forum posts, and from private messages to multi-factor authentication settings and forum management logs," reports BleepingComputer. "The forum's database includes details on 3,548 registered profiles. The last user's database ID is 15,218; however, the dump only included details on 3,548 accounts -- most likely due to spam or deleted profiles. The registration date for the last user is November 20, 2017, suggesting the database is a copy of the site near the time it went offline."
Databases

'Game-Changer' Warrant Let Detective Search Genetic Database (nytimes.com) 108

An anonymous reader quotes a report from The New York Times: Last week, a Florida detective announced at a police convention that he had obtained a warrant to penetrate GEDmatch and search its full database of nearly one million users. Legal experts said that this appeared to be the first time a judge had approved such a warrant, and that the development could have profound implications for genetic privacy. "That's a huge game-changer," said Erin Murphy, a law professor at New York University. "The company made a decision to keep law enforcement out, and that's been overridden by a court. It's a signal that no genetic information can be safe."

DNA policy experts said the development was likely to encourage other agencies to request similar search warrants from 23andMe, which has 10 million users, and Ancestry.com, which has 15 million. If that comes to pass, the Florida judge's decision will affect not only the users of these sites but huge swaths of the population, including those who have never taken a DNA test. That's because this emerging forensic technique makes it possible to identify a DNA profile even through distant family relationships. [...] Genetic genealogy experts said that until now, the law enforcement community had been deliberately cautious about approaching the consumer sites with court orders: If users get spooked and abandon the sites, they will become much less useful to investigators. Barbara Rae-Venter, a genetic genealogist who works with law enforcement, described the situation as "Don't rock the boat."
A spokesman for 23andMe said in a statement: "We never share customer data with law enforcement unless we receive a legally valid request such as a search warrant or written court order. Upon receipt of an inquiry from law enforcement, we use all practical legal measures to challenge such requests in order to protect our customers' privacy." Ancestry.com did not respond to request for comment.
Facebook

Facebook Says 100 Software Developers May Have Improperly Accessed User Data (cnbc.com) 17

Facebook on Tuesday said that as many as 100 software developers may have improperly accessed user data, including the names and profile pictures of people in specific groups on the social network. CNBC reports: The company recently discovered that some apps retained access to this type of user data despite making changes to its service in April 2018 to prevent this, Facebook said in a blog post. The company said it has removed this access and reached out to 100 developer partners who may have accessed the information. Facebook said that at least 11 developer partners accessed this type of data in the last 60 days.

"Although we've seen no evidence of abuse, we will ask them to delete any member data they may have retained and we will conduct audits to confirm that it has been deleted," the company said in the blog post. The company did not say how many users were affected.

Oracle

Oracle Revives Charges That Pentagon Bid Was Tainted by Amazon Conflicts (bloomberg.com) 47

Oracle opened its appeal in a legal challenge of a Pentagon cloud-computing contract valued at as much as $10 billion with a familiar argument: the procurement was unfairly tailored for Amazon.com. From a report: In its opening brief, which was filed on Friday, Oracle said the cloud project violated federal procurement law and was tainted by relationships between former Pentagon officials and Amazon. Oracle is appealing a July ruling from the U.S. Court of Federal Claims that dismissed its legal challenge of the cloud contract based on similar claims. At the same time, Amazon is mulling its own potential legal challenge of the project after losing the deal to Microsoft Corp. late last month, Bloomberg has reported. The legal challenges could revive fresh criticism from industry, lawmakers and analysts of the Pentagon's handling of the controversial cloud project, known as the Joint Enterprise Defense Infrastructure, or JEDI. The project is designed to consolidate the Pentagon's cloud computing infrastructure and modernize its technology systems. The Defense Department is facing accusations that former employees with ties to Amazon may have structured the deal to favor Amazon and that President Donald Trump may have unfairly intervened in the process against Amazon. Trump has long been at odds with Amazon Chief Executive Officer Jeff Bezos, who also owns the Washington Post.
Microsoft

Microsoft Launches Public Previews of Visual Studio Online and Power Virtual Agents (venturebeat.com) 43

An anonymous reader writes: At Ignite 2019 today, Microsoft launched Visual Studio Online public preview. Visual Studio Online meshes Visual Studio, cloud-hosted developer environments, and a web-based editor. AI, big data, and cloud computing are shifting development beyond the "standard issue development laptop," and Visual Studio Online is clearly a reflection of this trend. "Visual Studio Online philosophically (and technically) extends Visual Studio Code Remote Development to provide managed development environments that can be created on-demand and accessed from anywhere," Microsoft explained today. "These environments can be used for long-term projects, to quickly prototype a new feature, or for short-term tasks, like reviewing pull requests." The company also announced the public preview of its Power Virtual Agents tool, a new no-code tool for building chatbots that's part of the company's Power Platform, which also includes Microsoft Flow automation tool, which is being renamed to Power Automate today, and Power BI. From a report: Built on top of Azure's existing AI smarts and tools for building bots, Power Virtual Agents promises to make building a chatbot almost as easy as writing a Word document. With this, anybody within an organization could build a bot that walks a new employee through the onboarding experience for example. "Power virtual agent is the newest addition to the Power Platform family," said Microsoft's Charles Lamanna. "Power Virtual Agent is very much focused on the same type of low code, accessible to anybody, no matter whether they're a business user or business analyst or professional developer, to go build a conversational agent that's AI-driven and can actually solve problems for your employees, for your customers, for your partners, in a very natural way." 
Further reading: Microsoft rebrands Flow as Power Automate, adds RPA features and virtual agents; and Visual Studio IntelliCode gets whole-line code completions, dynamic refactoring detection.
Programming

Apple Now Rejects Electron Apps from Mac App Store (david.dev) 124

Mac developers are reporting that apps made using Electron (which is a framework that allows companies to ship web apps in a native app wrapper) are now being rejected by the automated Mac App Store review process. From a report: The apps in question are getting flagged because of their usage of private API calls. These API calls are not in the app itself, but part of the underlying Electron framework. The detected private API symbols include: CAContext, CALayerHost, NSAccessibilityRemoteUIElement, NSNextStepFrame, NSThemeFrame, NSURLFileTypeMappings. Apparently, the Electron framework has used these APIs for years. What has happened is that Apple has upgraded its server-side app review processes to detect more violations of its App Review guidelines, and now this private API usage is being identified. Individual Electron app makers are a bit helpless as the issue can only really be fixed by pushing changes in the Electron code itself. It does not appear that Electron is doing anything extreme, certainly nothing malicious. App Review doesn't care about why an app is using private API, it's a hard and fast rule (at least in theory).
Microsoft

Microsoft Announces It's Ready to Contribute to OpenJDK (jaxenter.com) 62

"In a message to the OpenJDK community, Bruno Borges announced that Microsoft has now formally signed the Oracle Contributor Agreement and has been welcomed to the Java community," reports JAXenter: He went on to reaffirm Microsoft's commitment to Java and that the team is looking forward to giving something back to the Java community. However, the team will not just barge in with a heavy hand, but will start with smaller bug fixes and the like so they can learn how to be "good citizens within OpenJDK."

Borges, himself a former Oracle developer, is Principal Product Manager for Java at Microsoft. He presents Martijn Verburg as the Java engineering team lead who will be working together along with other partners in the Java ecosystem. Verburg is also CEO of jClarity, a leading AdoptOpenJDK contributor acquired by Microsoft in August this year, so presumably he will stay true to form and continue to contribute to the Java world, only now with Microsoft at his back...

Microsoft's acquisition of jClarity was just the latest in their efforts to gain a foothold in the Java community. There are many Java developers and Java champions who now practice their trade under Microsoft's banner... At JAX London a few weeks ago, Program Chair Sebastian Meyen opened the conference by giving a speech in which he said "Microsoft is now a Java shop". He sees this as a great development, as "it's always good when industry giants stand behind Java."

Python

Python Creator Guido van Rossum Retires, Heads To Python Conference (zdnet.com) 41

"Guido van Rossum, the creator of the hugely popular Python programming language, is leaving cloud file storage firm Dropbox and heading into retirement," reports ZDNet: That ends his six and a half years with the company, which hired him in 2013 because so much of its functionality was built on Python. And, after last year stepping down from his leadership role over Python decision making, that means the Python creator is officially retiring....

According to Dropbox, in 2011, when van Rossum first met Dropbox CEO Drew Houston, the Dropbox server and desktop client were written "almost exclusively in Python". Today, Dropbox also relies on Go, TypeScript, and Rust, as well as the open source Mypy static type checker that Dropbox develops to manage Python code at scale. Mypy helps developers overcome the challenge of understanding dynamically typed Python code written by other developers in the past...

Dropbox said van Rossum has had a major impact on its engineering culture. "There was a small number of really smart, really young coders who produced a lot of very clever code that only they could understand," said van Rossum. "That is probably the right attitude to have when you're a really small startup." However, as Dropbox notes, when the company grew, new engineers could not understand the clever but 'short and cryptic' code written by and for earlier developers. Van Rossum called this "cowboy coding culture" and educated the company about the value of maintainable code. "When asked, I would give people my opinion that maintainable code is more important than clever code," he said.... Dropbox also credits van Rossum with sharpening the company's testing processes for its continuous integration program and helping engineers understand why tests were broken.

"Thank you, Guido" is the title of the post on Dropbox's blog announcing the news that van Rossum is now retiring. Sharing that article on Twitter Thursday, van Rossum added "It's bittersweet... I've learned a lot during my time as an engineer here -- e.g. type annotations came from this experience -- and I'll miss working here."

But by Friday he was heading off to the North Bay Python conference in Petaluma, California.
Privacy

DNA Databases Are a National Security Leak Waiting To Happen (technologyreview.com) 35

schwit1 writes: A private DNA ancestry database that's been used by police to catch criminals is a security risk from which a nation-state could steal DNA data on a million Americans, according to security researchers. Security flaws in the service, called GEDmatch, not only risk exposing people's genetic health information but could let an adversary such as China or Russia create a powerful biometric database useful for identifying nearly any American from a DNA sample. GEDmatch, which crowdsources DNA profiles, was created by genealogy enthusiasts to let people search for relatives and is run entirely by volunteers. It shows how a trend toward sharing DNA data online can create privacy risks affecting everyone, even people who don't choose to share their own information.

"You can replace your credit card number, but you can't replace your genome," says Peter Ney, a postdoctoral researcher in computer science at the University of Washington. Ney, along with professors and DNA security researchers Luis Ceze and Tadayoshi Kohno, described in a report posted online how they developed and tested a novel attack employing DNA data they uploaded to GEDmatch. Using specially designed DNA profiles, they say, they were able to run searches that let them guess more than 90% of the DNA data of other users. The founder of GEDmatch, Curtis Rogers, confirmed that the researchers alerted him to the threat during the summer.
"The same attack wouldn't work on other genealogy sites, like 23andMe, because they don't permit data uploads," the report notes. "Others, like MyHeritage, do allow uploads but don't give users as much information about their matches."

"The problem with GEDmatch is the browser is too good, and searches too deeply," says Erlich. "If I were them, I would remove it, fix it, then put it back."
Python

Python Adopts a 12-month Release Cycle (lwn.net) 38

The steering council of Python said it is adopting a 12-month release cycle as it seeks to bring more consistency to its schedule. In their mailing list they announced the change would mean developers would:
1. Know when to start testing the beta to provide feedback.
2. Know when to expect the RC so the community can prepare their projects for the final release.
3. Know when the final release will occur to coordinate their own releases (if necessary) when the final release of Python occurs.
4. Allow core developers to more easily plan their work to make sure work lands in the release they are targeting.
5. Make sure that core developers and the community have a shorter amount of time to wait for new features to be released.
They added: It should also fit into the release schedule of Linux distributions like Fedora better than previously proposed so the distributions can test the RC when they start preparing for their own October releases. If this turns out to be a mistake after we try it out for Python 3.9 we can then discuss going back to longer betas and shorter RCs for the release after that. This will not change when feature development is cut off relative to PyCon US nor the core dev sprints happening just before the final release or the alpha of the next version.
Bug

Complaints Mounting About iOS 13.2 Being 'More Aggressive at Killing Background Apps and Tasks' (macrumors.com) 52

Apple's iOS 13 has had a rocky start since its release last month, with it being among the most buggy Apple software releases in recent memory. Now, iPhone owners are complaining of yet another issue that may be bug-related. From a report: A growing number of iPhone and iPad users have complained about poor RAM management on iOS 13 and iPadOS 13, leading to apps like Safari, YouTube, and Overcast reloading more frequently upon being reopened. We've lightly edited some of the comments to correct things like capitalization.
