GitLab, a San-Francisco provider of hosted git software, recently changed its company handbook to declare that it won't ban potential customers on "moral/value grounds," and that employees should not discuss politics at work. The Register reports: The policy addition, created by co-founder and CEO Sid Sijbrandij and implemented as a git pull request, was merged (with no approval required) about two weeks ago. It was proposed to clarify that GitLab is committed to doing business with "customers with values that are incompatible with our own values." Such a declaration could run afoul of legal boundaries in some circumstances. While workers have no constitutional speech protection in the context of their employment, federal labor law requires that employees be allowed to discuss the terms and conditions of their employment and possible unlawful conduct like harassment, discrimination, and safety violations.

But it's perhaps understandable given how, over the past few years, workers in the tech industry have become more vocal in objecting to business deals with entities deemed to be immoral or work that conflicts with declared or presumed values. Sijbrandij amended his company's handbook to state: "We do not discuss politics in the workplace and decisions about what customer to serve might get political." And what reason does Sijbrandij's pull request provide to support this position? It says, "Efficiency is one of our values and vetting customers is time consuming and potentially distracting."

Continuing its embracing of open source, Microsoft has today announced two new open source projects. From a report: The first is Open Application Model (OAM), a new standard for developing and operating applications on Kubernetes and other platforms. The second project is Dapr (Distributed Application Runtime), designed to make it easier to build microservice applications. Microsoft says that both OAM and Dapr "help developers remove barriers when building applications for cloud and edge." Microsoft has worked on OAM with Alibaba, and the aim is to simplify the development and deployment of applications. The company explains that: "OAM is a specification for describing applications so that the application description is separated from the details of how the application is deployed onto and managed by the infrastructure. This separation of concerns is helpful for multiple reasons." The second open source project is Dapr, which Microsoft describes as "an open source, portable, event-driven runtime that makes it easy for developers to build resilient, microservice stateless and stateful applications that run on the cloud and edge."

The npm ecosystem of JavaScript libraries is more interwoven than most developers think, and the entire thing is a gigantic house of cards, being one bad hack away from compromising hundreds of thousands of projects, according to a recent academic study. From a report: The research, carried out by the Department of Computer Science from the Technical University of Darmstadt, in Germany, analyzed the dependency graph of the entire npm ecosystem. Researchers downloaded metadata for all the npm packages published until April 2018 and created a giant graph that included 676,539 nodes and 4,543,473 edges (lines connecting the nodes). In addition, academics also analyzed different versions of the same packages, looking at historical versions (5,386,239 versions for the 676,539 packages), but also at the package maintainers (199,327 npm accounts), and known security flaws impacting the packages (609 public reports). [...]

Their goal was to get an idea of how hacking one or more npm maintainer accounts, or how vulnerabilities in one or more packages, reverberated across the npm ecosystem; along with the critical mass needed to cause security incidents inside tens of thousands of npm projects at a time. [...] But while some npm packages load code from too many packages and from too many developers, there is another dangerous trend forming on the npm package repository -- namely the consolidation of popular npm packages under a few maintainer accounts. "391 highly influential maintainers affect more than 10,000 packages, making them prime targets for attacks," the research team said. "If an attacker manages to compromise the account of any of the 391 most influential maintainers, the community will experience a serious security incident."

Scientists have uncovered a glitch in a piece of code that could have yielded incorrect results in over 100 published studies that cited the original paper. From a report: The glitch caused results of a common chemistry computation to vary depending on the operating system used, causing discrepancies among Mac, Windows, and Linux systems. The researchers published the revelation and a debugged version of the script, which amounts to roughly 1,000 lines of code, last week in the journal Organic Letters. "This simple glitch in the original script calls into question the conclusions of a significant number of papers on a wide range of topics in a way that cannot be easily resolved from published information because the operating system is rarely mentioned," the new paper reads. "Authors who used these scripts should certainly double-check their results and any relevant conclusions using the modified scripts in the [supplementary information]." Yuheng Luo, a graduate student at the University of Hawai'i at Manoa, discovered the glitch this summer when he was verifying the results of research conducted by chemistry professor Philip Williams on cyanobacteria. The aim of the project was to "try to find compounds that are effective against cancer," Williams said.

An anonymous reader writes: TED Conferences has its own educational YouTube channel (now with 10 million subscribers and over 1.5 billion views). Two weeks ago it launched a 10-episode animated series about computer programming, and its first episode -- The Prison Break -- has already been viewed nearly a quarter of a milllion times.

In the 7-minute video, a programmer wakes up in a prison cell -- with total amnesia -- and discovers a "mysterious stranger" squeezing through the jail cell's bars. It's a floating anthropomorphic drone, saying it needs the programmer's help to rescue a dystopian future world "in turmoil. Robots have taken over." The video introduces the computer programming concept of a loop -- since escaping the jail cell involves testing a key in every possible position. And the video's page on the TED-Ed web site offers links to related resources from Code.org and Free Code Camp, as well as from Advent of Code, "which is run by Eric Wastl, who consulted extensively on Think Like a Coder and inspired quite a few of the puzzles."

The episode ends with the programmer dangling from the flying drone, off on an attempt to recover three artifacts -- nodes of memory, power, and creation -- that are currently being used for "nefarious purposes."

Long-time Slashdot reader hondo77 notes that Larry Wall has given his approval to the re-naming of Perl 6.

In the "Path to Raku" pull request, Larry Wall indicated his approval, leaving this comment: I am in favor of this change, because it reflects an ancient wisdom:

"No one sews a patch of unshrunk cloth on an old garment, for the patch will pull away from the garment, making the tear worse. Neither do people pour new wine into old wineskins. If they do, the skins will burst; the wine will run out and the wineskins will be ruined. No, they pour new wine into new wineskins, and both are preserved."
"Perl 6 will become Raku, assuming the four people who haven't yet approved the pull request give their okay," reports the Register, adding that Perl 5 will then become simply Perl.

Dozens of comments on that pull request have now already been marked as "outdated," and while a few contributors have made a point of abstaining from the approval process, reviewer Alex Daniel notes that "this pull request will be merged on October 14th if nobody in the list rejects it or requests more changes."

Over 100 published studies may have incorrect results thanks to a glitchy piece of Python code discovered by researchers at the University of Hawaii.

An anonymous reader quotes Motherboard: The glitch caused results of a common chemistry computation to vary depending on the operating system used, causing discrepancies among Mac, Windows, and Linux systems. The researchers published the revelation and a debugged version of the script, which amounts to roughly 1,000 lines of code, on Tuesday in the journal Organic Letters.

"This simple glitch in the original script calls into question the conclusions of a significant number of papers on a wide range of topics in a way that cannot be easily resolved from published information because the operating system is rarely mentioned," the new paper reads. "Authors who used these scripts should certainly double-check their results and any relevant conclusions using the modified scripts in the [supplementary information]."

Yuheng Luo, a graduate student at the University of Hawaii at Manoa, discovered the glitch this summer when he was verifying the results of research conducted by chemistry professor Philip Williams on cyanobacteria... Under supervision of University of Hawaii at Manoa assistant chemistry professor Rui Sun, Luo used a script written in Python that was published as part of a 2014 paper by Patrick Willoughby, Matthew Jansma, and Thomas Hoye in the journal Nature Protocols . The code computes chemical shift values for NMR, or nuclear magnetic resonance spectroscopy, a common technique used by chemists to determine the molecular make-up of a sample. Luo's results did not match up with the NMR values that Williams' group had previously calculated, and according to Sun, when his students ran the code on their computers, they realized that different operating systems were producing different results.

Sun then adjusted the code to fix the glitch, which had to do with how different operating systems sort files.
The researcher who wrote the flawed script told Motherboard that the new study was "a beautiful example of science working to advance the work we reported in 2014. They did a tremendous service to the community in figuring this out."

Sun described the original authors as "very gracious," saying they encouraged the publication of the findings.

GitHub CEO Nat Friedman explained why the company plans to renew a contract with U.S. Immigration and Customs Enforcement (ICE), even though he and others at GitHub oppose ICE's policy of separating children from parents at the border, Motherboard reported on Wednesday, citing an internal GitHub email. From a report: The email shows the continuing debate within the tech industry about whether companies should work specifically with ICE, and comes as a host of other companies have dealt with employee protests over corporate involvement with ICE. "In August, the GitHub leadership team learned about a pending renewal of our product by the U.S. Immigration & Customs Enforcement (ICE) agency. Since then, we have been talking with people throughout the company, based on our own personal concerns and those raised by Hubbers," Friedman's email reads, referring to GitHub employees. Evan Greer, deputy director at activism group Fight for the Future tweeted a copy of the email on Tuesday. Motherboard also separately obtained a copy of the email from a source inside GitHub. The product up for renewal is a license of GitHub Enterprise Server, an on-premises deployment of GitHub that customers can run on their own server, according to the email. ICE originally bought a license in April, 2016.

An anonymous reader quotes a report from The Wall Street Journal: Some of the Federal Bureau of Investigation's electronic surveillance activities violated the constitutional privacy rights of Americans swept up in a controversial foreign intelligence program (Warning: source paywalled; alternative source), a secretive surveillance court has ruled. The ruling deals a rare rebuke to U.S. spying activities that have generally withstood legal challenge or review. The intelligence community disclosed Tuesday that the Foreign Intelligence Surveillance Court last year found that the FBI's pursuit of data about Americans ensnared in a warrantless internet-surveillance program intended to target foreign suspects may have violated the law authorizing the program, as well as the Constitution's Fourth Amendment protections against unreasonable searches.

The court concluded that the FBI had been improperly searching a database of raw intelligence for information on Americans -- raising concerns about oversight of the program, which as a spy program operates in near total secrecy. The court ruling identifies tens of thousands of improper searches of raw intelligence databases by the bureau in 2017 and 2018 that it deemed improper in part because they involved data related to tens of thousands of emails or telephone numbers -- in one case, suggesting that the FBI was using the intelligence information to vet its personnel and cooperating sources. Federal law requires that the database only be searched by the FBI as part of seeking evidence of a crime or for foreign intelligence information. In other cases, the court ruling reveals improper use of the database by individuals. In one case, an FBI contractor ran a query of an intelligence database -- searching information on himself, other FBI personnel and his relatives, the court revealed. U.S. District Judge James Boasberg said that the Trump administration failed to persuasively argue that the bureau would not be able to properly tackle national security threats if the program was altered to better protect citizen privacy.

Last year, Apple software chief Craig Federighi said developers would be able to easily bring their iPad apps to Mac computers, essentially letting coders write an app once and deploy it across millions more devices. So far, the reality has fallen short for some developers and is even leaving consumers paying twice for apps. From a report: Major app developers and service providers like Netflix are also demurring on taking part, at least at this early stage. Apple rolled out Catalyst, the technology to transition iPad apps into Mac versions, on Monday. It's the initial step toward a bigger goal: By 2021, developers should be able to build an app once and have it work on iPhones, iPads and Mac computers through a single, unified App Store. But the first iteration, which appears to still be quite raw and in a number of ways frustrating to developers, risks upsetting users who may have to pay again when they download the Mac version of an iPad app they've already bought.

"As a user, I don't want to pay again just to have the same app," said longtime Apple developer Steven Troughton-Smith. "As a developer, I don't want my users to have to make that decision." James Thompson has had to work harder than he expected to get his popular PCalc calculator iPad app running well on Mac computers. Getting paid a second time for that extra work makes sense for developers, but consumers may not immediately understand that after Apple made the porting process sound as easy as checking a box, he said. Kevin Reutter, who has brought his Planny app to Mac computers, called the situation "sad."

An anonymous reader quotes a report from ZDNet: At the 2019 Linux Plumbers Conference, I talked to Linus Torvalds and several other of the Linux kernel's top programmers. They universally agreed Microsoft wants to control Linux, but they're not worried about it. That's because Linux, by its very nature and its GPL2 open-source licensing, can't be controlled by any single third-party. Torvalds said: "The whole anti-Microsoft thing was sometimes funny as a joke, but not really. Today, they're actually much friendlier. I talk to Microsoft engineers at various conferences, and I feel like, yes, they have changed, and the engineers are happy. And they're like really happy working on Linux. So I completely dismissed all the anti-Microsoft stuff."

But that doesn't mean the Microsoft leopard can't change its spots. Sure, he hears, "This is the old Microsoft, and they're just biding their time." But, Torvalds said, "I don't think that's true. I mean, there will be tension. But that's true with any company that comes into Linux; they have their own objectives. And they want to do things their way because they have a reason for it." So, with Linux, "Microsoft tends to be mainly about Azure and doing all the stuff to make Linux work well for them," he explained. Torvalds emphasized this is normal: "I mean, that's just being part of the community." James Bottomley, an IBM Research Distinguished Engineer and top Linux kernel developer, sees Microsoft as going through the same process as all other corporate Linux supporters: "This is a thread that runs through Linux. You can't work on the kernel to your own proprietary advantage. A lot of companies, as they came in with the proprietary business model, assumed they could. They have to be persuaded that, if you want something in Linux, that will assist your business -- absolutely fine. But it has to go through an open development process. And if someone else finds it useful, you end up cooperating or collaborating with them to produce this feature." That means, to get things done, even Microsoft is "eventually forced to collaborate with others."

Bottomley concluded: "So it doesn't matter if Microsoft has a competing agenda to Red Hat or IBM or anybody else. Developers are still expected to work together in the Linux kernel with a transparent agenda."

The Transaction Processing Performance Council is a many-decades-old nonprofit that defines transaction processing and database benchmarks and shares its performance results with the industry.

Long-time Slashdot reader hackingbear says they've just released some surprising news: The TPC organization reported on October 5 that OceanBase, an open-source relational database from Ant Financial, a business unit of Chinese e-commerce giant Alibaba Group, has topped the TPC-C benchmark, more than doubling the score achieved by Oracle Corp. which had held the world record for the past 9 years.

OceanBase v2.2 Enterprise Edition with Partitioning scored at 60,880,800, while Oracle Database 11g R2 Enterprise Edition w/RAC and Partitioning achieved 30,249,688.

TPC Benchmark C is industrial standard OLTP benchmark, measuring on-line transactions per minute (tpmC).

Dave Knott writes: A Montreal legal firm has requested authorization to launch a class-action lawsuit against Epic Games, makers of the widely-popular video game Fortnite. The legal notice, filed on behalf of two minors, likens the effect of the game to cocaine, saying it releases the chemical dopamine to the brain of vulnerable young people who can become dependent on playing. Much of the suit is based on a 2015 Quebec Superior Court ruling that determined tobacco companies didn't warn their customers about the dangers of smoking. Jean-Philippe Caron, a lawyer at Calex, said the firm was contacted by several parents whose kids had become addicted to the game.

Last year, the World Health Organization classified addiction to video games as a disease. It defined the disorder as "a pattern of gaming behavior characterized by impaired control over gaming, increased priority given to gaming over other activities to the extent that gaming takes precedence over other interests and daily activities, and continuation or escalation of gaming despite the occurrence of negative consequences." According to Caron, Fortnite was designed by psychologists to make it more addictive. "They knew that their game was very attractive, yet they did not divulge the risks to the population. It's a little like tobacco."

Apple said it will ease some restrictions on developers of third-party apps, responding to news reports about the rise of in-house software that gets prized default status on iPhones and iPads. From a report: The Cupertino, California-based company plans to release a software update later this year that will help outside messaging applications work better with the Siri digital assistant. Right now, when iPhone users ask Siri to call or message a friend, the system defaults to Apple's Phone or iMessage apps. If you want to use WhatsApp or Skype, you have to specifically say that.

When the software refresh kicks in, Siri will default to the apps that people use frequently to communicate with their contacts. For example, if an iPhone user always messages another person via WhatsApp, Siri will automatically launch WhatsApp, rather than iMessage. It will decide which service to use based on interactions with specific contacts. Developers will need to enable the new Siri functionality in their apps. This will be expanded later to phone apps for calls as well.

theodp writes: On Friday, U.S. Secretary of Education Betsy DeVos announced $123 million in new Education Innovation and Research (EIR) grant awards to 41 school districts, nonprofits and state educational agencies. Over $78 million of that went to 29 grantees focused on Science, Technology, Engineering, and Math (STEM) education, and more than 85% of the funded STEM projects include a specific focus on computer science. The announcement was scant on details, but the awardees listed include tech-bankrolled Code.org, whose Board of Directors include Microsoft President Brad Smith, Amazon CEO of Worldwide Consumer Jeff Wilke, and Google VP of Education & University Programs Maggie Johnson. In his new book, Tools and Weapons, Smith interestingly reveals how Microsoft, Amazon, and Google each pledged to commit $50 million to K-12 computer science education to get First Daughter and Presidential Adviser Ivanka Trump to work to secure $1 billion of Federal support for K-12 STEM/CS education.

From the book: "While you would be hard-pressed to say that every student must take computer science, you could say that every student deserves the opportunity. That means getting computer science into every high school, and into earlier grades as well. The only way to train teachers at this scale is for federal funding to help fill the gap. After years of lobbying, there was a breakthrough in federal interest in 2016. In January President Obama announced a bold proposal to invest $4 billion of federal money to bring computer science to the nation's schools. While the proposal produced enthusiasm, it didn't spur Congress to appropriate any new money. Ivanka Trump had more success the following year. Even before her father had moved into the White House, she was interested in federal investments in computer science in schools. She was confident she could persuade the president to support the idea, but she also believed that the key to public money was to secure substantial private funding from major technology companies. She said she would work to secure $1 billion of federal support over five years if the tech sector would pledge $300 million during the same time. As always, there was the question of whether someone would go first. The White House was looking for a company to get things rolling by pledging $50 million over five years. Given Microsoft's long-standing involvement, financial support, and prior advocacy with the Obama White House, we were a natural choice. We agreed to make the commitment, other companies followed, and in September 2017 Mary Snapp, the head of Microsoft Philanthropies, joined Ivanka in Detroit to make the announcement."

The $300 million was apparently money well-pledged. Surrounded by children, educators, Ivanka Trump and Education Secretary Betsy DeVos, President Trump in late 2017 signed a presidential memorandum directed to DeVos calling for the expansion of K-12 computer science and STEM education in the U.S. with at least $200 million in annual grant funding.

Mike Masnick, reporting for TechDirt: Last week, the Solicitor General of the White House weighed in on Google's request for the Supreme Court to overturn the Federal Circuit's ridiculously confused ruling in the Oracle/Google case concerning the copyrightability of APIs (and whether or not repurposing them is fair use). Not surprisingly, as the Solicitor General has been siding with Oracle all along, it suggests that the Supreme Court not hear the case. Of course, it does so by completely misrepresenting what's at stake in the case -- pretending that this is about whether or not software source code is copyright-eligible:

"This case concerns the copyrightability of computer code. To induce a computer to perform a function, a person must give the computer written instructions. Typically, those instructions are written in 'source code,' which consists of words, numbers, and symbols in a particular 'programming language,' which has its own syntax and semantics. The source code is then converted into binary 'object code' -- ones and zeros -- that is readable by the computer.

It is both 'firmly established' and undisputed in this case that computer code can be copyrightable as a 'literary work[].' 1 Melville B. Nimmer & David Nimmer, Nimmer on Copyright & 2A.10[B] (2019). Section 101 defines a 'computer program' as 'a set of statements or instructions to be used directly or indirectly in a computer in order to bring about a certain result.' 17 U.S.C. 101. And various Copyright Act provisions recognize that a person may own a copyright in a 'computer program.'"

Masnick adds: Except... that's not what this case is about. Even remotely. Literally no one denies that software source code is subject to copyright. The question is whether or not an Application Programming Interface -- an API -- is subject to copyright.

An anonymous reader quotes ZDNet: Microsoft has launched a new 44-part series called Python for Beginners on YouTube, consisting of three- to four-minute lessons from two self-described geeks at Microsoft who love programming and teaching.

The course isn't quite for total beginners as it assumes people have done a little programming in JavaScript or played around with the MIT-developed Scratch visual programming language aimed at kids. But it could help beginners kick-start ambitions to build machine-learning apps, web applications, or automate processes on a desktop.... It has published a page on GitHub containing additional resources, including slides and code samples to help students become better at Python.

"It's that time of year again when we come together to support and celebrate the open source technologies we use and love," announces a post on Digital Ocean's blog. Hacktoberfest is a monthlong celebration of open source software. It was started at DigitalOcean as a way to foster a sense of community and encourage more participation in open source projects. To reward Hacktoberfest contributors, we've designed a limited edition T-shirt for those who complete the challenge each year. This year, the first 50,000 participants will be eligible to receive the limited edition shirt...

One of the enticing elements of this celebration is that you don't have to leave the comfort of your office or home to participate. But each year, more and more Hacktoberfest events have been organized since we introduced the Event Kit. In 2018 alone, there were 251 Hacktoberfest events. All of these took place during October and happened in 50 countries. With October five days away, we're already expecting to exceed last year's number of events! Wow... if you're in or around New York City, we invite you to join us at the Hacktoberfest kickoff celebration at the DigitalOcean headquarters...

This year, we're also hoping to drive awareness of the negative impacts many people around the world are experiencing due to the many environmental crises we're faced with -- and encourage participation in projects that are targeting these causes. We've identified a handful of projects on GitHub that focus on supporting the environment, which you can find in our Climate section. We hope you'll consider contributing to some of the impactful work being done by activists, scientists, and mission-driven organizations around the globe... Let's join forces to make a difference!
Last year's Hacktoberfest saw 401,231 pull requests on GitHub, according to the blog post.

Matthew Garrett is a security developer at Google and a Linux contributor who in 2014 won the Free Software Foundation's annual "Advancement of Free Software" award. But now he's asking if we need to re-think what free software is: If users can pay Amazon to provide a hosted version of a piece of software, there's little incentive for them to pay the authors of that software. This has led to various projects adopting license terms such as the Commons Clause that effectively make it nonviable to provide such a service, forcing providers to pay for a commercial use license instead. In general the entities pushing for these licenses are VC backed companies who are themselves benefiting from free software written by volunteers that they give nothing back to, so I have very little sympathy. But it does raise a larger issue -- how do we ensure that production of free software isn't just a mechanism for the transformation of unpaid labour into corporate profit...?

At the same time, people are spending more time considering some of the other ethical outcomes of free software. Copyleft ensures that you can share your code with your neighbour without your neighbour being able to deny the same freedom to others, but it does nothing to prevent your neighbour using your code to deny other fundamental, non-software, freedoms. As governments make more and more use of technology to perform acts of mass surveillance, detention, and even genocide, software authors may feel legitimately appalled at the idea that they are helping enable this by allowing their software to be used for any purpose. The JSON license includes a requirement that "The Software shall be used for Good, not Evil", but the lack of any meaningful clarity around what "Good" and "Evil" actually mean makes it hard to determine whether it achieved its aims.

As stewards of the free software definition, the Free Software Foundation should be taking the lead in ensuring that these issues are discussed. The priority of the board right now should be to restructure itself to ensure that it can legitimately claim to represent the community and play the leadership role it's been failing to in recent years, otherwise the opportunity will be lost and much of the activist energy that underpins free software will be spent elsewhere. If free software is going to maintain relevance, it needs to continue to explain how it interacts with contemporary social issues. If any organisation is going to claim to lead the community, it needs to be doing that.

OneHundredAndTen writes: According to this Forbes article, the Pentagon is worried that many in the USA's military nerve center claim to use Agile methods, when in fact, they aren't. Those responsible for these things at the Pentagon have therefore come up with a Detecting Agile BS document, so people can tell when they are doing Agile vs. when they are doing BS Agile. The implicit conclusion seems to be the usual "if it doesn't work for you, you are not doing it right."
The article was written by the author of The Age of Agile: How Smart Companies Are Transforming the Way Work Gets Done, a 2018 book arguing "An unstoppable business revolution is under way -- and it is Agile. Companies that embrace Agile Management learn to connect everyone and everything...all the time. They can deliver instant, intimate, frictionless value on a large scale." The book's author is Stephen Denning, who spent four years as Program Director of Knowledge Management during his decades of management at the World Bank.

His Forbes article this week warns "effective software development at DoD is not just a narrow issue affecting a few software developers. Questions of national cyber security and the integrity of the upcoming U.S. presidential election may depend on it... Fresh thinking and Agile mindsets are urgently needed."