Bitbucket, once one of the largest Mercurial repository hosting sites, said Tuesday it plans to remove Mercurial features and repositories from its platform on June 1, 2020. In a blog post, Bitbucket wrote: As we surpass 10 million registered users on the platform, we're at a point in our growth where we are conducting a deeper evaluation of the market and how we can best support our users going forward. After much consideration, we've decided to remove Mercurial support from Bitbucket Cloud and its API. Bitbucket will stop letting users create new Mercurial repositories starting February 1, 2020, and start removing all the Mercurial repositories four months later. So you will want to backup your repositories and switch to a different platform in the coming months. A different user pointed out, "Another shitty aspect of bitbucket dropping mercurial support and deleting all the old repositories in 2020: all yt pull request discussions from before 2017 are going to be deleted. There's valuable context for how the code got written in those discussions." Several users have expressed their concerns over this decision. Sebastien Jodogne, CSO at Osimis, said, "This is an extremely concerning decision that endangers diversity in the computer science industry by pushing the de facto hegemony of git."

For those of you affected by this, you can consider a number of platforms including SourceForge to host and manage your repositories.

A group of app developers have penned a letter to Apple CEO Tim Cook, arguing that certain privacy-focused changes to Apple's iOS 13 operating system will hurt their business. From a report: In a report by The Information, the developers were said to have accused Apple of anti-competitive behavior when it comes to how apps can access user location data. With iOS 13, Apple aims to curtail apps' abuse of its location-tracking features as part of its larger privacy focus as a company. Today, many apps ask users upon first launch to give their app the "Always Allow" location-tracking permission. Users can confirm this with a tap, unwittingly giving apps far more access to their location data than is actually necessary, in many cases. In iOS 13, however, Apple has tweaked the way apps can request location data. There will now be a new option upon launch presented to users, "Allow Once," which allows users to first explore the app to see if it fits their needs before granting the app developer the ability to continually access location data. This option will be presented alongside existing options, "Allow While Using App" and "Don't Allow." The "Always" option is still available, but users will have to head to iOS Settings to manually enable it. The app developers argue that this change may confuse less technical users, who will assume the app isn't functioning properly unless they figure out how to change their iOS Settings to ensure the app has the proper permissions.

"Earlier this year I gave a talk at FullStack conference in London about making iFrames cool again," writes a lead engineer at PayPal. In a nutshell: iframes let you build user experiences into embeddable 'cross-domain components', which let users interact with other sites without being redirected. There are a metric ton of awesome uses for that other than tracking and advertizing. Nothing else comes close for this purpose; and as a result, I feel we're not using iframes to their full potential.

There are big problems, though... My talk went into how at PayPal, we built Zoid to solve some of the major problems with iframes and popups:

- Pre-render to avoid the perception of slow rendering

- Automatically resize frames to fit child content

- Automatically resize frames to fit child content

- Pass down any kind of data and functions/callbacks as props (just like React), and avoid the nightmare of cross-domain messaging between windows.

- Make iframes and popups feel like first class (cross-domain) components.

Zoid goes a long way. But there are certain problems a mere javascript library can not solve. This is my bucket list for browser vendors, to make iframes more of a first class citizen on the web... Because fundamentally: the idea of cross-domain embeddable components is actually pretty useful once you start talking about shareable user experiences, rather than just user-tracking and advertizing which are obviously pills nobody enjoys swallowing.
He acknowledges that he "really likes" the work that's been done on Google Chrome's Portals (which he earlier described as "like iframes, but better, and worse.")

"I just hope iframes don't get left behind."

Stack Overflow shares a new tool from a team of researchers that "takes the description of a programming task as a query and then provides relevant, comprehensive programming solutions containing both code snippets and their succinct explanations" -- the Crowd Knowledge Answer Generator (or CROKAGE): In order to reduce the gap between the queries and solutions, the team trained a word-embedding model with FastText, using millions of Q&A threads from Stack Overflow as the training corpus. CROKAGE also expanded the natural language query (task description) to include unique open source software library and function terms, carefully mined from Stack Overflow.

The team of researchers combined four weighted factors to rank the candidate answers... In particular, they collected the programming functions that potentially implement the target programming task (the query), and then promoted the candidate answers containing such functions. They hypothesized that an answer containing a code snippet that uses the relevant functions and is complemented with a succinct explanation is a strong candidate for a solution. To ensure that the written explanation was succinct and valuable, the team made use of natural language processing on the answers, ranking them most relevant by the four weighted factors. They selected programming solutions containing both code snippets and code explanations, unlike earlier studies. The team also discarded trivial sentences from the explanations...

The team analyzed the results of 48 programming queries processed by CROKAGE. The results outperformed six baselines, including the state-of-art research tool, BIKER. Furthermore, the team surveyed 29 developers across 24 coding queries. Their responses confirm that CROKAGE produces better results than that of the state-of-art tool in terms of relevance of the suggested code examples, benefit of the code explanations, and the overall solution quality (code + explanation).
The tool is still being refined, but it's "experimentally available" -- although "It's limited to Java queries for now, but the creators hope to have an expanded version open to the public soon."

It will probably be more useful than Stack Roboflow, a site that uses a neural network to synthesize fake Stack Overflow questions.

There can be more than one correct answer for academic tests of programming ability, writes long-time Slashdot reader theodp: Take the first of the Free-Response Questions in this year's AP CS A exam, which asked 70,000 college-bound students to "Write the static method numberOfLeapYears, which returns the number of leap years between year1 and year2." The correct answer, according to the CollegeBoard's 2019 Scoring Guidelines, entails iterating over the range of years and invoking a provided helper method called isLeapYear for each year.

Which does work, of course, but what if a student instead took an Excel-like approach to the same problem that consists of a (hopefully correct!) single formula with no iteration or isLeapYear helper function? Would that be a worse — or better -- example of computational thinking than the endorsed AP CS A Java-based solution? (Here's a 7-minute AP Conference discussion of how to correctly grade this problem)?

So, how have you seen schools and companies deal with unexpected-but-correct approaches to coding test questions?

Last November, YouTube announced that it would be removing the paywall for its original programming starting in 2019. Now, we have more details on exactly how and when this will work. Android Central reports: Per a statement sent out by the YouTube team: "New YouTube Originals series, movies, and live events released after September 24, 2019 will be made available to non-members to watch for free, with ads. For series, members will get immediate access to every episode of a new season, while non-members will have to wait for each new episode to be released."

It appears that YouTube Originals content released prior to that September 24 date will remain exclusive to Premium subscribers, but going forward, it'll be fair game for everyone. While that does slightly water-down the perks of being a YouTube Premium subscriber, it's also noted that paying customers will gain access to additional footage that won't be available for free users: "In most cases, where available, Director's cuts and bonus footage for YouTube Originals movies and live events will be exclusive to members like you, as well."

Freshly Exhumed shares a report from The Guardian: Automatic license plate readers, which use networked surveillance cameras and simple image recognition to track the movements of cars around a city, may have met their match, in the form of a T-shirt. Or a dress. Or a hoodie. The anti-surveillance garments were revealed at the DefCon cybersecurity conference in Las Vegas on Saturday by the hacker and fashion designer Kate Rose, who presented the inaugural collection of her Adversarial Fashion line.

To human eyes, Rose's fourth amendment T-shirt contains the words of the fourth amendment to the U.S. constitution in bold yellow letters. The amendment, which protects Americans from "unreasonable searches and seizures," has been an important defense against many forms of government surveillance: in 2012, for instance, the U.S. supreme court ruled that it prevented police departments from hiding GPS trackers on cars without a warrant. But to an automatic license plate reader (ALPR) system, the shirt is a collection of license plates, and they will get added to the license plate reader's database just like any others it sees. The intention is to make deploying that sort of surveillance less effective, more expensive, and harder to use without human oversight, in order to slow down the transition to what Rose calls "visual personally identifying data collection." "It's a highly invasive mass surveillance system that invades every part of our lives, collecting thousands of plates a minute. But if it's able to be fooled by fabric, then maybe we shouldn't have a system that hangs things of great importance on it," she said.

Researchers said they have found a publicly accessible database containing almost 28 million records -- including plain-text passwords, face photos, and personal information -- that was used to secure buildings around the world. Ars Technica reports: Researchers from vpnMentor reported on Wednesday that the database was used by the Web-based Biostar 2 security system sold by South Korea-based Suprema. Biostar uses facial recognition and fingerprint scans to identify people authorized to enter warehouses, municipal buildings, businesses, and banks. vpnMentor said the system has more than 1.5 million installations in a wide range of countries including the U.S., the UK, Indonesia, India, and Sri Lanka. According to vpnMentor, the 23-gigabyte database contained more than 27.8 million records used by Biostar to secure customer facilities. The data included usernames, passwords and user IDs in plaintext, building access logs, employee records including start dates, personal details, mobile device data, and face images. The researchers said the data also included more than 1 million records containing actual fingerprint scans, but the report provided no data to support the claim.

"The vpnMentor researchers said they discovered the exposed database on August 5 and privately reported the finding two days later," reports Ars Technica. "The data wasn't secured until Tuesday, six days later."

Eyal Guthmann, a software engineer at cloud storage service Dropbox, writes: Until very recently, Dropbox had a technical strategy on mobile of sharing code between iOS and Android via C++. The idea behind this strategy was simple -- write the code once in C++ instead of twice in Java and Objective C. We adopted this C++ strategy back in 2013, when our mobile engineering team was relatively small and needed to support a fast growing mobile roadmap. We needed to find a way to leverage this small team to quickly ship lots of code on both Android and iOS. We have now completely backed off from this strategy in favor of using each platforms' native languages (primarily Swift and Kotlin, which didn't exist when we started out). This decision was due to the (not so) hidden cost associated with code sharing.

Here are some of the things we learned as a company on what it costs to effectively share code. And they all stem from the same basic issue: By writing code in a non-standard fashion, we took on overhead that we would have not had to worry about had we stayed with the widely used platform defaults. This overhead ended up being more expensive than just writing the code twice.

This week from 63-year-old Python creator Guido van Rossum shared some interesting stories with ZDNet's senior reporter Nick Heath: While sharing software with the world today only takes a few clicks, in the 1980s it was an altogether more laborious affair, with van Rossum recalling the difficulties of trying to distribute Python precursor ABC. "I remember around '85, going on a vacation trip to the US, my first ever visit to the US, with a magnetic tape in my luggage," says van Rossum. Armed with addresses and phone numbers of people who had signalled an interest in ABC via the rudimentary email system available at the time -- which wasn't suited to handling anything as large as source code -- he travelled door-to-door posting the tapes. Despite this effort, ABC didn't really take off. "So, no wonder we didn't get very far with the distribution of ABC, despite all its wonderful properties," he says.

But as the internet revolution gathered steam, it would be much easier to distribute Python without a suitcase full of tapes. Van Rossum released Python to the world via the alt.sources newsgroup in 1991, under what was pretty much an open-source licence, six years before the term was first coined. While Python interpreter still had to be joined together into a compressed file from 21 separate parts and downloaded overnight on the Usenet network, it was still a vastly more efficient delivery mechanism than the hand deliveries of a few years earlier.
Guido also shared some new comments on why he stepped down as Python's Benevolent Dictator for Life: "I was very disappointed in how the people who disagreed technically went to social media and started ranting that the decision process was broken, or that I was making a grave mistake. I felt attacked behind my back," he says. "In the past, it had always been clear that if there were a decision to be made about a change in the language or an improved feature, a whole bunch of core developers would discuss the pros and cons of the thing. Either a clear consensus would appear or, if it was not so clear, I would mull it over in my head and decide one way or another. With PEP572, even though it was clearly controversial, I chose 'Yes, I want to do this', and people didn't agree to disagree.

"It wasn't exactly a revolt, but I felt that I didn't have the trust of enough of the core developer community to keep going."

He thinks the change in how disputes about the language play out is partly a result of how many people use Python today. "It's probably also the fact that the Python community is so much larger. It's harder to reach any form of consensus, of course, because there's always fringe dissidents, no matter which way you decide." Earlier this year, Python core developers -- those who work on maintaining and updating Python's reference CPython interpreter -- elected a steering council to oversee the future of the language. Van Rossum was elected, alongside Warsaw and fellow core developers Brett Cannon, Carol Willing, and Nick Coghlan.

An anonymous reader writes: "The voter information of more than 14.3 million Chileans, which accounts to nearly 80% of the country's entire population, was left exposed and leaking on the internet inside an Elasticsearch database," reports ZDNet. "The database contained names, home addresses, gender, age, and tax ID numbers (RUT, or Rol Único Tributario) for 14,308,151 individuals...including many high-profile Chilean officials."

A spokesperson for the Chile Electoral Service said the data appears to have been scraped without authorization from its website, from a section that allows users to update their voting data. Chile now joins countries as the US, Mexico, Turkey, and the Philippines, whose voter information was gathered in bulk and then published online in one big pile, easy to access for any crooks.

Long-time Slashdot reader mejustme shared this report from Hackaday: If you have an opinion about C++, chances are you either love it for its extensiveness and versatility, or you hate it for its bloated complexity and would rather stick to alternative languages on both sides of the spectrum. Either way, here's your chance to form a new opinion about the language. The C++ standard committee has recently gathered to work on finalizing the language standard's newest revision, C++20, deciding on all the new features that will come to C++'s next major release.

After C++17, this will be the sixth revision of the C++ standard, and the language has come a long way from its "being a superset of C" times. Frankly, when it comes to loving or hating the language, I haven't fully made up my own mind about it yet. My biggest issue with it is that "programming in C++" can just mean so many different things nowadays, from a trivial "C with classes" style to writing code that will make Perl look like prose. C++ has become such a feature-rich and downright overwhelming language over all these years, and with all the additions coming with C++20, things won't get easier. Although, they also won't get harder. Well, at least not necessarily. I guess? Well, it's complex, but that's simply the nature of the language...

From better type checking and compiler errors messages to Python-like string handling and plans to replace the #include system, there's a lot at play here!
The article mentions coroutines, the spaceship operator for three-way comparisons, and "a bunch of additions to lambda expressions," as well as a new keyword constinit and removing limitations on the usage of constexpr.

And in addition, "ranges are the new iterators" and concepts "have graduated from being an experimental feature to a full-fledged part of the language standard, allowing the addition of semantic constraints to templates, and ultimately making generic programming a hint more specific."

"The New York Police Department (NYPD) has been loading thousands of arrest photos of children and teenagers into a facial recognition database despite evidence the technology has a higher risk of false matches in younger faces," reports The New York Times. Some of the children included in the database are as young as 11, but most are teenagers between 13 and 16 years old. From the report: Elected officials and civil rights groups said the disclosure that the city was deploying a powerful surveillance tool on adolescents -- whose privacy seems sacrosanct and whose status is protected in the criminal justice system -- was a striking example of the Police Department's ability to adopt advancing technology with little public scrutiny. Several members of the City Council as well as a range of civil liberties groups said they were unaware of the policy until they were contacted by The New York Times.

Police Department officials defended the decision, saying it was just the latest evolution of a longstanding policing technique: using arrest photos to identify suspects. The New York Police Department can take arrest photos of minors as young as 11 who are charged with a felony, depending on the severity of the charge. And in many cases, the department keeps the photos for years, making facial recognition comparisons to what may have effectively become outdated images. There are photos of 5,500 individuals in the juvenile database, 4,100 of whom are no longer 16 or under, the department said. Teenagers 17 and older are considered adults in the criminal justice system. Civil rights advocates say that including their photos in a facial recognition database runs the risk that an imperfect algorithm identifies them as possible suspects in later crimes. A mistaken match could lead investigators to focus on the wrong person from the outset, they said.

An anonymous reader shares a report: Not all programming languages endure forever. In fact, even the most popular ones inevitably crumble away, as new generations of developers embrace other languages and frameworks they find easier to work with. In order to determine which programming languages are likely doomed in the medium- to long-term, we looked at the popularity rankings by TIOBE and RedMonk, as well as Dice's own database of job postings. If your career is based on any of the following languages, we suggest diversifying your skill-set at some point: Ruby, Haskell, Objective-C, R, and Perl.

Craig Mod: I love fast software. That is, software speedy both in function and interface. Software with minimal to no lag between wanting to activate or manipulate something and the thing happening. Lightness. Software that's speedy usually means it's focused. Like a good tool, it often means that it's simple, but that's not necessarily true. Speed in software is probably the most valuable, least valued asset. To me, speedy software is the difference between an application smoothly integrating into your life, and one called upon with great reluctance. Fastness in software is like great margins in a book -- makes you smile without necessarily knowing why. [...]

Speed and reliability are often intuited hand-in-hand. Speed can be a good proxy for general engineering quality. If an application slows down on simple tasks, then it can mean the engineers aren't obsessive detail sticklers. Not always, but it can mean disastrous other issues lurk. I want all my craftspeople to stickle. I don't think Ulysses (a popular text editing application) is badly made, but I am less confident in it than if it handled input and interface speed with more grace. Speed would make me trust it more.

An anonymous reader shares a report: The impact of U.S. trade restrictions is trickling down to the developer community. GitHub, the world's largest host of source code, is preventing users in Iran, Syria, Crimea and potentially other sanctioned nations from accessing portions of the service, chief executive of the Microsoft-owned firm said. Over the weekend, GitHub CEO Nat Friedman wrote on Twitter that like any other "company that does business in the US," GitHub is required to comply with the U.S. export law. The confirmation comes months after work collaboration service Slack, too, enforced similar restrictions on its platform.,

An anonymous reader quotes The Verge's AI and Robotics reporter: By scanning huge datasets of text, machine learning software can produce convincing samples of everything from short stories to song lyrics. Now, those same techniques are being applied to the world of coding with a new program called Deep TabNine, a "coding autocompleter." Programmers can install it as an add-on in their editor of choice, and when they start writing, it'll suggest how to continue each line, offering small chunks at a time. Think of it as Gmail's Smart Compose feature but for code.

Jacob Jackson, the computer science undergrad at the University of Waterloo who created Deep TabNine, says this sort of software isn't new, but machine learning has hugely improved what it can offer... Earlier this month, he released an updated version that uses a deep learning text-generation algorithm called GPT-2, which was designed by the research lab OpenAI, to improve its abilities. The update has seriously impressed coders, who have called it "amazing," "insane," and "absolutely mind-blowing" on Twitter...

Deep TabNine is trained on 2 million files from coding repository GitHub. It finds patterns in this data and uses them to suggest what's likely to appear next in any given line of code, whether that's a variable name or a function... Most importantly, thanks to the analytical abilities of deep learning, the suggestions Deep TabNine makes are of a high overall quality. And because the software doesn't look at users' own code to make suggestions, it can start helping with projects right from the word go, rather than waiting to get some cues from the code the user writes.
It's not free software. Currently a personal license costs $49 (with a business-use license costing $99), the Verge reports -- but the tool supports the following 22 languages...

Python, JavaScript, Java, C++, C, PHP, Go, C#, Ruby, Objective-C, Rust, Swift, TypeScript, Haskell, OCaml, Scala, Kotlin, Perl, SQL, HTML, CSS, and Bash.

DevNull127 writes: Hiring is broken and yours is too," argues a New York-based software developer whose LinkedIn profile says he's worked at both Amazon and Google, as well as doing architecture verification work for both Oracle and Intel. Summarizing what he's read about hiring just this year in numerous online articles, he lists out the arguments against virtually every popular hiring metric, ultimately concluding that "Until and unless someone does a rigorous scientific study evaluating different interviewing techniques, preferably using a double-blind randomized trial, there's no point in beating this dead horse further. Everyone's hiring practices are broken, and yours aren't any better."

For example, as a Stanford graduate he nonetheless argues that "The skills required for getting into Stanford at 17 (extracurriculars, SAT prep etc) do not correlate to job success as a software developer. How good a student you were at 17, is not very relevant to who you are at 25." References are flawed because "People will only ever list references who will say good things about them," and they ultimately punish people who've had bad managers. But asking for source code from past sides projects penalizes people with other interests or family, while "most work product is confidential."

Brain teasers "rely on you being lucky enough to get a flash of inspiration, or you having heard it before," and are "not directly related to programming. Even Google says it is useless." And live-coding exercises are "artificial and contrived," and "not reflective of practical coding," while pair programming is unrealistic, with the difficulty of the tasks varying from day to day.

He ultimately criticizes the ongoing discussion for publicizing the problems but not the solutions. "How exactly should we weigh the various pros and cons against each other and actually pick a solution? Maybe we could maybe try something novel like data crunch the effectiveness of each technique, or do some randomized experiments to measure the efficacy of each approach? Lol, j/k. Ain't nobody got time for that!"

After a developer based in the Crimea region of Ukraine was blocked from GitHub this week, the Microsoft-owned software development platform said it has started restricting accounts in countries facing U.S. trade sanctions. GitHub lists Crimea, Cuba, Iran, North Korea, and Syris as countries facing U.S. sanctions. ZDNet reports: As the developer reports, his website https://tkashkin.tk, which is hosted on GitHub, now returns a 404 error. He also can't create new private GitHub repositories or access them. While his website could easily be moved to another hosting provider, the block does pose a challenge for his work on GameHub, which has an established audience on GitHub.

GitHub does offer developers an appeal form to dispute restrictions but [the developer] told ZDNet that, at this point, there's nothing to gain by appealing the restriction. "It is just pointless. My account is flagged as restricted and, in order to unflag it, I have to provide a proof that I don't live in Crimea. I am in fact a Russian citizen with Crimean registration, I am physically in Crimea, and I am living in Crimea my entire life," he said. "For individual users, who are not otherwise restricted by U.S. economic sanctions, GitHub currently offers limited restricted services to users in these countries and territories. This includes limited access to GitHub public repository services for personal communications only," it says.

GitHub notes on its page about U.S. trade controls that its paid-for on-premise software -- aimed to enterprise users -- may be an option for users in those circumstances. "Users are responsible for ensuring that the content they develop and share on GitHub.com complies with the U.S. export control laws, including the EAR (Export Administration Regulations) and the U.S. International Traffic in Arms Regulations (ITAR)," GitHub says. "The cloud-hosted service offering available at Github.com has not been designed to host data subject to the ITAR and does not currently offer the ability to restrict repository access by country. If you are looking to collaborate on ITAR- or other export-controlled data, we recommend you consider GitHub Enterprise Server, GitHub's on-premises offering."

New submitter Grindop53 shares a report: Widespread reports of a "critical security issue" that supposedly impacted users of VLC media player have been debunked as "completely bogus" by developers. Earlier this week, German computer emergency response team CERT-Bund -- part of the Federal Office for Information Security (BSI) -- pushed out an advisory warning network administrators and other users of a high-impact vulnerability in VLC. It seems that this advisory can be traced back to a ticket that was opened on VLC owner VideoLAN's public bug tracker more than four weeks ago. The alleged heap-based buffer overflow flaw was disclosed by a user named "topsec(zhangwy)," who stated that a malicious .mp4 file could be leveraged by an attacker to take control of VLC media player users' devices. The issue was flagged as high-risk on the CERT-Bund site, and the vulnerability was assigned a CVE entry (CVE-2019-13615).

However, according to VideoLAN president Jean-Baptiste Kempf, the exploit does not work on the latest VLC build. In fact, any potential issues relating to the vulnerability were patched more than a year ago. "There is no security issue in VLC," Kempf told The Daily Swig in a phone conversation this morning. "There is a security issue in a third-party library, and a fix was pushed [out] 18 months ago." When asked how or why this oversight generated so much attention, Kempf noted that the reporter of the supposed vulnerability did not approach VideoLAN through its security reporting email address. "The guy never contacted us," said Kempf, who remains a lead developer at the VLC project. "This is why you don't report security issues on a public bug tracker." Kempf and his team were unable to replicate the issue in the latest version of VLC, leading many to believe that the bug reporter was working on a computer running an outdated version of Ubuntu. "If you report a security issue, at least update your Linux distribution," Kempf said.