Ten days ago 66-year-old tech pundit Robert Cringely revealed the first of what may be his final set of annual predictions for the technology industry -- but he's not done yet. Thursday Cringely predicted that "the Virtual Private Cloud (VPC) solution based on Open Source using Linux will change the Internet-as-a-Service Cloudscape to VPC-only during 2019" -- and that there'll be an industry-wide shakeout.

Long-time Slashdot reader supremebob, a Connecticut-based sys-admin, writes: He seems to believe that IBM Cloud and Oracle Cloud and doomed to fail, and Alibaba will only survive because of its strong Chinese presence. These seem like safe predictions, but his comments on Google Cloud are somewhat controversial...
After AWS, Alibaba, and Microsoft, "All the others will eventually disappear," Cringely writes, adding "Remember you read it first here." Google's largest cloud customer will always be Google and that will inevitably lead to poorer service for outside customers. That's why I think of Google Cloud as half of a player. Feel free to prove me wrong by delighting customers, Google... I don't see the marketing effort to help clients migrate. Lots of handholding is needed that IBM and Microsoft are happy to provide. Google does not understand customers whose IQs are sub-200. As such, Google doesn't have (and likely won't) have a history of winning outside of search advertising.

For IBM, their VPC roll-out is coming in the next month or two, but it's more marketing than an actual product. Big Blue simply has no capital to build out a unique offering. And Oracle? Well the new head of Google Cloud came from Oracle, where not enough was happening.
Cringely also predicts the U.S. government will try to force Amazon to spin-off its near-monopoly cloud business, noting that "the larger customers of AWS (those not operating on a credit card) generally hate Amazon because of its ruthless business behavior."

Lots of pressure will come to bear in this case from IBM, Microsoft, and Oracle, who are all suffering from a very specific database problem competing with AWS. Each of these companies sells their own database (DB2, SQL Server, and Oracle, respectively) that they've rolled into their cloud services. AWS's RDB, in contrast, is based on MySQL and costs Amazon almost nothing to support, giving the biggest cloud player a clear pricing advantage.

With Google+ being shutdown in just a few weeks, the official Android Beta community announced that it will be leaving the dying social media site in exchange for Reddit. The group on Google+ was home to over 163,000 members. Android Police reports: The community's new home will be r/android_beta. In an official announcement, the Android Beta team says they'll keep a close eye on the subreddit for feedback and will use it for announcements and updates. There's nothing there just yet, but when the Android Q beta hits, we're sure things will get much busier. For now, just make sure you subscribe and keep in mind that you have a second address where you can send all your Q beta complaints -- the first is obviously our tips inbox.

Java has a problem -- the language and platform is evolving faster than ever, but many developers are stuck on the five-year-old Java 8. From a report: So why have developers not upgraded? Simply, Java 9 introduced major changes, including internal restructuring, new modularity (known as "Project Jigsaw"), and the removal of little-used APIs. These changes broke code, and even developers who are happy to make the necessary revisions have dependency issues. "We have problems with libraries that do not yet support the latest versions," said one QCon attendee.

"I want to explain why it was necessary," said Oracle's Ron Pressler, part of the Java platform group developing the language and lead for Project Loom. "There are billions of lines of code in Java, and Java 9, it did break some things. The reason is that Java is 20-something years old. It will probably be big and popular in another 20 years. We have to think 20 years ahead. The way the JDK was structured prior to Java 9 was just unmaintainable. We could not keep Java competitive if we had not done that change. That was an absolute necessity."

Over at Quartz, Ephrat Livni reports that a 60 Minutes story about gender equality accidentally proved the persistence of patriarchy. Reader theodp shares the report: Good intentions are nice, but they aren't enough, the TV news show 60 Minutes recently proved. The show's producers apparently meant well when they decided to do a segment on women in technology and the gender gap, which aired on March 4. But they ended up punching women in the gut, as the founder and CEO of Girls Who Code, Reshma Saujani, puts it in her response to the segment. Ultimately, 60 Minutes featured a man, Code.org CEO Hadi Partovi. His [tech-backed] organization's mission is to expand access to computer science education in schools.

Women technologists like Saujani who were tapped to appear on the show about a year ago and worked with producers to provide research and interviews, ended up on the cutting room floor while Partovi spoke on their behalf. Here is the cruel irony: As a result, 60 Minutes' segment was accidentally exceptionally effective-it proved that women in tech really can't catch a break. [...] Ayah Bdeir, the founder of STEM learning toy company littleBits, also responded to the episode in a Medium post. She noted that she worked with 60 Minutes for a year, planning interviews, providing research, talking to the producers and reporters, telling her story and that of her organization, which is focused on closing the gender gap in technology. Yet producers wrote to her last August to say that the focus of the segment had shifted and that littleBits would no longer be central in the story. In an email, a producer explained to her, 'It's not that the important points you made in your interview are ignored in the story, or that you didn't make them very effectively, they're just made by others'.

An anonymous reader quotes a report from Ars Technica: Wall Street Journal reporter Takashi Mochizuki took a Wednesday opportunity to review one game maker's financial reports: CyberAgent Inc, maker of smartphone games like the Nintendo-published Dragalia Lost. This report, published at the end of January, made vague allusions to a single smartphone game dragging the company down. Quoting from the company's own English-language press release: "At the time of the original earnings forecast announcement on October 25, we looked a new game title made a good start [sic]. However, its performance is being slower than we expected as of today." That resulted in a whopping 20-percent drop in revenue expectations in the company's gaming sector, from 50 billion yen to 40 billion. Mochizuki pressed the company to confirm which game that was, and CyberAgent confirmed the game in question was indeed Nintendo's Dragalia Lost.

The company clarified things even further to the WSJ, alleging that Nintendo responded to players' complaints about Dragalia's loot box economy by asking the developer to "adjust the game" to reduce how much a player might spend in the game to progress normally. "Nintendo is not interested in making a large amount of revenue from a single smartphone game," a CyberAgent representative told the WSJ. "If we managed the game alone, we would have made a lot more." When asked by the WSJ, Nintendo's Japanese arm replied with a statement that apparently confirms CyberAgent's allegation. "We discuss various things, not just limited to payments, to deliver high-quality fun to consumers," the Nintendo rep told the WSJ. The report says the reason why Nintendo's revenue goals for its entire smartphone-gaming sector are considered modest compared to other large Japanese publishers may be "because its smartphone games are positioned less to make oodles of cash and more to raise awareness of Nintendo's IP (which Nintendo will soon leverage with theme park attractions and a feature-length film)."

An anonymous reader writes: A security researcher has uncovered a ring of malicious GitHub accounts promoting over 300 backdoored Windows, Mac, and Linux applications and software libraries. The malicious apps contained code to gain boot persistence on infected systems and later download other malicious code -- which appeared to be a "sneaker bot," a piece of malware that would add infected systems to a botnet that would later participate in online auctions for limited edition sneakers.

All the GitHub accounts that were hosting these files -- backdoored versions of legitimate apps -- have now been taken down. One account, in particular, registered in the name of Andrew Dunkins, hosted 305 backdoored ELF binaries. Another 73 apps were hosted across 88 other accounts.

Long-time Slashdot reader retroworks shared this EFF article: Although relatively little news gets out of Xinjiang to the rest of the world, we've known for over a year that China has been testing facial-recognition tracking and alert systems across Xinjiang and mandating the collection of biometric data -- including DNA samples, voice samples, fingerprints, and iris scans -- from all residents between the ages of 12 and 65... Earlier this month, security researcher Victor Gevers found and disclosed an exposed database live-tracking the locations of about 2.6 million residents of Xinjiang, China, offering a window into what a digital surveillance state looks like in the 21st century...

Over a period of 24 hours, 6.7 million individual GPS coordinates were streamed to and collected by the database, linking individuals to various public camera streams and identification checkpoints associated with location tags such as "hotel," "mosque," and "police station." The GPS coordinates were all located within Xinjiang. This database is owned by the company SenseNets, a private AI company advertising facial recognition and crowd analysis technologies. A couple of days later, Gevers reported a second open database tracking the movement of millions of cars and pedestrians. Violations like jaywalking, speeding, and going through a red-light are detected, trigger the camera to take a photo, and ping a WeChat API, presumably to try and tie the event to an identity.

China may have a working surveillance program in Xinjiang, but it's a shockingly insecure security state. Anyone with an Internet connection had access to this massive honeypot of information... Even poorly-executed surveillance is massively expensive, and Beijing is no doubt telling the people of Xinjiang that these investments are being made in the name of their own security. But the truth, revealed only through security failures and careful security research, tells a different story: China's leaders seem to care little for the privacy, or the freedom, of millions of its citizens.
EFF also reports that a Chinese cybersecurity firm also recently discovered 468 exposed MongoDB servers on the internet, including databases containing detailed information about remote access consoles owned by China General Nuclear Power Group.

Meanwhile, ZDNet suggests that SenseNets may actually be "a government contractor, helping authorities track the Muslim minority, rather than a private company selling its product to another private entity. Otherwise, it would be hard to explain how SenseNets has access to ID card information and camera feeds from police stations and other government buildings."

Big cloud companies are "strip-mining open-source technologies and companies," complains Michael Howard, CEO of MariaDB. At their developer conference, Howard accused "big cloud" of "really abusing the license and privilege [of open source], by not giving back to the community." ZDNet reports: Even as MariaDB grows by leaps and bounds in enterprise computing at Oracle's expense, Howard sees Oracle and Amazon fighting against it. "Oracle as the example of on-premise lock-in and Amazon being the example of cloud lock-in. You could interchange the names, you can honestly say now that Amazon should just be called Oracle Prime...."

In the first keynote, Austin Rutherford, MariaDB's VP of Customer Success, showed the result of a HammerDB benchmark on AWS EC2... In these tests, AWS's default MariaDB instances did poorly, while AWS homebrew Aurora, which is built on top of MySQL, consistently beat them. The top-performing database management system of all was MariaDB Managed Services on AWS. "My first reaction when I looked at the benchmarks," said Howard, was "maybe there's incompetence going on. Maybe they just don't know how to optimize a DBMS." He observed that one MariaDB customer, one of the biggest retail drug companies in the world, had told MariaDB that "Amazon offers the most vanilla MariaDB around. There's nothing enterprise about it. We could just install MariaDB from source on EC2 and do as well."

He then "began to wonder, Is there something that they're deliberately crippling?" Howard wouldn't go so far as to say AWS is consciously doing a poor job of implementing its MariaDB instances. Howard did say, "And then it became clear that, however, you want to articulate this, there is something not kosher happening." Howard doesn't have much against AWS promoting its own brands... But, if AWS's going out of its way to make a rival service look inferior to its own, well, Howard's not happy about that.
ZDNet adds that "it's also quite possible that unoptimized generic MariaDB instance will simply lag behind AWS-optimized Aurora.

"That said, even in this most innocent take on the benchmark results, cloud customers would be wise to take into consideration that cloud instances of any specific software service may not be created equal."

An anonymous reader quotes a report from Motherboard: Police, social services, and health workers in Canada are using shared databases to track the behavior of vulnerable people -- including minors and people experiencing homelessness -- with little oversight and often without consent. Documents obtained by Motherboard from Ontario's Ministry of Community Safety and Correctional Services (MCSCS) through an access to information request show that at least two provinces -- Ontario and Saskatchewan -- maintain a "Risk-driven Tracking Database" that is used to amass highly sensitive information about people's lives. Information in the database includes whether a person uses drugs, has been the victim of an assault, or lives in a "negative neighborhood."

The Risk-driven Tracking Database (RTD) is part of a collaborative approach to policing called the Hub model that partners cops, school staff, social workers, health care workers, and the provincial government. Information about people believed to be "at risk" of becoming criminals or victims of harm is shared between civilian agencies and police and is added to the database when a person is being evaluated for a rapid intervention intended to lower their risk levels. Interventions can range from a door knock and a chat to forced hospitalization or arrest. Data from the RTD is analyzed to identify trends -- for example, a spike in drug use in a particular area -- with the goal of producing planning data to deploy resources effectively, and create "community profiles" that could accelerate interventions under the Hub model, according to a 2015 Public Safety Canada report. Saskatchewan and Ontario officials say the data in the database is "de-identified" by removing details such as people's names and birthdates, but experts Motherboard spoke to say that scrubbing data so it may never be used to identify an individual is difficult if not impossible.

An anonymous reader writes: We've seen companies big and small build everything from AI-driven developer tools to AI-powered developer environments. But what if instead of having AI merely help developers write code, it did all the heavy lifting? Dry.io, a developer playground that helps you write web apps using just a few lines of code, began accepting signups today for its first wave of external testing. The programmable software platform lets you set the parameters of what you want to build, "and the AI takes care of the rest."

Drupal 7, which was first released in January 2011, will reach end of life (EOL) in November of 2021, the Drupal Association said today. What this means for your Drupal 7 sites is, as of November 2021: 1. Drupal 7 will no longer be supported by the community at large. The community at large will no longer create new projects, fix bugs in existing projects, write documentation, etc. around Drupal 7.
2. There will be no more core commits to Drupal 7.
3. The Drupal Security Team will no longer provide support or Security Advisories for Drupal 7 core or contributed modules, themes, or other projects. Reports about Drupal 7 vulnerabilities might become public creating 0 day exploits.
4. All Drupal 7 releases on all project pages will be flagged as not supported. Maintainers can change that flag if they desire to.
5. On Drupal 7 sites with the update status module, Drupal Core will show up as unsupported.
6. After November 2021, using Drupal 7 may be flagged as insecure in 3rd party scans as it no longer gets support.
7. Best practice is to not use unsupported software, it would not be advisable to continue to build new Drupal 7 sites.
8. Now is the time to start planning your migration to Drupal 8.

theodp writes: Facebook may be facing the threat of a multi-billion dollar FTC fine for privacy lapses that included allowing companies to obtain users' email addresses from their friends, but that didn't discourage Bill Gates from taking to Twitter to urge his 46.5 million followers to give up the names and email addresses of teachers so they can be contacted by tech-bankrolled Code.org for a chance to receive a "Computer Science Scholarship" (attend Professional Development workshops). Or Amazon. Or Google. "The success of our professional learning program depends on the work of our partners to spread the word," explained Code.org in a Medium Post. "Corporate partners like Amazon, Infosys, and Google are rallying their employees and communities to nominate a teacher, and so are fellow teachers, parents, and students. We couldn't do it without you! [...] Code.org (and these scholarships) are supported by: Amazon, Bill and Melinda Gates Foundation, Facebook, Google, Infosys Foundation USA, Microsoft [...] Code.org has prepared almost 100,000 educators to teach our courses, and they give our program rave reviews. We welcome teachers from all subject areas-no CS experience needed!"

In May, Code.org announced it was crowdsourcing a database of U.S. K-12 schools that teach -- or don't teach -- CS, with a goal to "gather data for 100% of U.S. schools by the end of 2018." The database would be used by the nonprofit and the CS community to "make our shared vision [for every school to teach computer science] a reality." Several months later, Amazon disclosed its involvement with the data collection effort, explaining it "will help us bring access to the schools that need it most." Amazon on Thursday announced it had selected 1,000 high schools to receive Amazon-funded CS classes and will be tapping another lucky 1,000 schools in the next few months. An Amazon press release said the company hopes to "inspire and educate 10 million children and young adults each year from underprivileged, underrepresented, and underserved communities to pursue careers in the fast-growing field of computer science and coding" through its Amazon Future Engineer program, which the e-tailer describes as "a four-part, childhood-to-career program."

Developers and Intel officials have told Axios that Apple is expected to move its Mac line to custom ARM-based chips as soon as next year. "Bloomberg offered a bit more specificity on things in a report on Wednesday, saying that the first ARM-based Macs could come in 2020, with plans to offer developers a way to write a single app that can run across iPhones, iPads and Macs by 2021," reports Axios. "The first hints of the effort came last year when Apple offered a sneak peek at its plan to make it easier for developers to bring iPad apps to the Mac." From the report: If anything, the Bloomberg timeline suggests that Intel might actually have more Mac business in 2020 than some had been expecting. The key question is not the timeline but just how smoothly Apple is able to make the shift. For developers, it will likely mean an awkward period of time supporting new and classic Macs as well as new and old-style Mac apps. The move could give developers a way to reach a bigger market with a single app, although the transition could be bumpy. For Intel, of course, it would mean the loss of a significant customer, albeit probably not a huge hit to its bottom line.

A new take on the age-old question: Should you rewrite your application from scratch, or is that "the single worst strategic mistake that any software company can make"? Turns out there are more than two options for dealing with a mature codebase. Herb Caudill: Almost two decades ago, Joel Spolsky excoriated Netscape for rewriting their codebase in his landmark essay Things You Should Never Do . He concluded that a functioning application should never, ever be rewritten from the ground up. His argument turned on two points: The crufty-looking parts of the application's codebase often embed hard-earned knowledge about corner cases and weird bugs. A rewrite is a lengthy undertaking that keeps you from improving on your existing product, during which time the competition is gaining on you.

For many, Joel's conclusion became an article of faith; I know it had a big effect on my thinking at the time. In the following years, I read a few contrarian takes arguing that, under certain circumstances, it made a lot of sense to rewrite from scratch. For example: Sometimes the legacy codebase really is messed up beyond repair, such that even simple changes require a cascade of changes to other parts of the code. The original technology choices might be preventing you from making necessary improvements. Or, the original technology might be obsolete, making it hard (or expensive) to recruit quality developers.

The correct answer, of course, is that it depends a lot on the circumstances. Yes, sometimes it makes more sense to gradually refactor your legacy code. And yes, sometimes it makes sense to throw it all out and start over. But those aren't the only choices. Let's take a quick look at six stories, and see what lessons we can draw.

A blog post from developer turned writer Marty Jacobs caught my attention earlier this morning. In the post, Jacobs has listed some of the programming books he says he had discovered and read much sooner. He writes, "There are so many programming books out there, sometimes it's hard to know what books are best. Programming itself is so broad and there are so many concepts to learn." You can check out his list here. I was curious what books would you include if you were to make a similar list?

An anonymous reader quotes a report from Motherboard: Switzerland made headlines this month for the transparency of its internet voting system when it launched a public penetration test and bug bounty program to test the resiliency of the system to attack. But after source code for the software and technical documentation describing its architecture were leaked online last week, critics are already expressing concern about the system's design and about the transparency around the public test. Cryptography experts who spent just a few hours examining the leaked code say the system is a poorly constructed and convoluted maze that makes it difficult to follow what's going on and effectively evaluate whether the cryptography and other security measures deployed in the system are done properly.

"Most of the system is split across hundreds of different files, each configured at various levels," Sarah Jamie Lewis, a former security engineer for Amazon as well as a former computer scientist for England's GCHQ intelligence agency, told Motherboard. "I'm used to dealing with Java code that runs across different packages and different teams, and this code somewhat defeats even my understanding." She said the system uses cryptographic solutions that are fairly new to the field and that have to be implemented in very specific ways to make the system auditable, but the design the programmers chose thwarts this. "It is simply not the standard we would expect," she told Motherboard. [...] It isn't just outside attackers that are a concern; the system raises the possibility for an insider to intentionally misconfigure the system to make it easier to manipulate, while maintaining plausible deniability that the misconfiguration was unintentional. "Someone could wire the thing in the wrong place and suddenly the system is compromised," said Lewis, who is currently executive director of the Open Privacy Research Society, a Canadian nonprofit that develops secure and privacy-enhancing software for marginalized communities. "And when you're talking about code that is supposed to be protecting a national election, that is not a statement someone should be able to make." "You expect secure code to be defensively written that would prevent the implementers of the code from wiring it up incorrectly," Lewis told Motherboard. But instead of building a system that doesn't allow for this, the programmers simply added a comment to their source code telling anyone who compiles and implements it to take care to configure it properly, she said.

The online voting system was developed by Swiss Post, the country's national postal service, and the Barcelona-based company Scytl. "Scytl claims the system uses end-to-end encryption that only the Swiss Electoral Board would be able to decrypt," reports Motherboard. "But there are reasons to be concerned about such claims."

A company that claims to combat app piracy is a pirate itself, according to a report Oracle released this week. From a report: Oracle claims the company, Tapcore, has been perpetrating a massive ad fraud on Android devices by infecting apps with software that ring up fake ad impressions and drain people's data. Based in The Netherlands, Tapcore works with developers to identify when apps are pirated and then enables developers to make money from those bootleg copies by serving ads. Oracle says that Tapcore's anti-piracy code was a Trojan horse that was generating fake mobile websites to trick ad serving platforms into paying them for non-existent ad inventory.

"The code is delivering a steady stream of invisible video ads and spoofing domains," Dan Fichter, VP of software development at Oracle Data Cloud, tells Ad Age. "On all those impressions it looked like the advertiser was running ads on legitimate mobile websites. Not only were they not on a website, they were on an invisible web browser." On its website, Tapcore says it works with more than 3,000 apps, serving 150 million ad impressions a day. The apps whose pirated versions it has worked with include titles like "Perfect 365," "Draw Clash of Clans," "Vertex" and "Solitaire: Season 4," according to Oracle's report.

Google has sent out invites to this year's Game Developers Conference (GDC) press event, where the company is expected to unveil a new game streaming product. ExtremeTech reports: There have been rumors about a Google game stream product or service for several years. Initially, leaks pointed to a hardware platform called Yeti that would stream games to a connected display. In late 2018, Google rolled out a game streaming test called Project Stream. To publicize the demo, it worked with Ubisoft to give everyone free access to the new Assassin's Creed Odyssey. Google wrapped up Project Stream in early 2019, offering players a free copy of Assassin's Creed Odyssey as thanks. Of course, you'd need a real gaming PC to run that version.

Google's GDC event will take place on March 19th at 10 AM Pacific. All we know for sure is that Google is there to talk about a gaming project. It just seems extremely likely that it will be a new phase for Project Stream. It might remain browser-only, but Google does have a giant network of TV's out there with Chromecast streaming dongles plugged in. If it could leverage those to stream games, it could instantly have as many eyeballs as Sony or Microsoft.

Mark Gurman, reporting for Bloomberg: Apple wants to make it easier for software coders to create tools, games and other applications for its main devices in one fell swoop -- an overhaul designed to encourage app development and, ultimately, boost revenue. The ultimate goal of the multistep initiative, code-named "Marzipan," is by 2021 to help developers build an app once and have it work on the iPhone, iPad and Mac computers, said people familiar with the effort. That should spur the creation of new software, increasing the utility of the company's gadgets.

Later this year, Apple plans to let developers port their iPad apps to Mac computers via a new software development kit that the company will release as early as June at its annual developer conference. Developers will still need to submit separate versions of the app to Apple's iOS and Mac App Stores, but the new kit will mean they don't have to write the underlying software code twice, said the people familiar with the plan. In 2020, Apple plans to expand the kit so iPhone applications can be converted into Mac apps in the same way. Further reading: Tim Cook, in April 2018: Users Don't Want iOS To Merge With MacOS.

technology_dude writes: One by one, thresholds are being crossed where the collection and storage of personal data is accepted as routine. Being recorded by cameras at business locations, in public transportation, in schools, churches, and every other place imaginable. Recent headlines include "Singapore Airlines having cameras built into the seat back of personal entertainment systems," and "Arizona considering a bill to force some public workers to give up DNA samples (and even pay for it)." It seems to be a daily occurrence where we have crossed another line in how far we will go to accept massive surveillance as normal. Do we even have a line the sand that we would defend? Do we even see anything wrong with it? Absolute power corrupts absolutely and we continue to give knowledge of our personal lives (power) to others. If we continue down the same path, I suppose we deserve what we get? I want to shout "Stop the train, I want off!" but I fear my plea would be ignored. So who out there is more optimistic than I and can recommend some reading that will give me hope? Bill 1475 was introduced by Republican State Senator David Livingston and would require teachers, police officers, child day care workers, and many others to submit their DNA samples along with fingerprints to be stored in a database maintained by the Department of Public Safety. "While the database would be prohibited from storing criminal or medical records alongside the DNA samples, it would require the samples be accompanied by the person's name, Social Security number, date of birth and last known address," reports Gizmodo. "The living will be required to pay [a $250 processing fee] for this invasion of their privacy, but any dead body that comes through a county medical examiner's office would also be fair game to be entered into the database."