Canada

Police In Canada Are Tracking People's 'Negative' Behavior In a 'Risk' Database (vice.com) 207

An anonymous reader quotes a report from Motherboard: Police, social services, and health workers in Canada are using shared databases to track the behavior of vulnerable people -- including minors and people experiencing homelessness -- with little oversight and often without consent. Documents obtained by Motherboard from Ontario's Ministry of Community Safety and Correctional Services (MCSCS) through an access to information request show that at least two provinces -- Ontario and Saskatchewan -- maintain a "Risk-driven Tracking Database" that is used to amass highly sensitive information about people's lives. Information in the database includes whether a person uses drugs, has been the victim of an assault, or lives in a "negative neighborhood."

The Risk-driven Tracking Database (RTD) is part of a collaborative approach to policing called the Hub model that partners cops, school staff, social workers, health care workers, and the provincial government. Information about people believed to be "at risk" of becoming criminals or victims of harm is shared between civilian agencies and police and is added to the database when a person is being evaluated for a rapid intervention intended to lower their risk levels. Interventions can range from a door knock and a chat to forced hospitalization or arrest. Data from the RTD is analyzed to identify trends -- for example, a spike in drug use in a particular area -- with the goal of producing planning data to deploy resources effectively, and create "community profiles" that could accelerate interventions under the Hub model, according to a 2015 Public Safety Canada report.
Saskatchewan and Ontario officials say the data in the database is "de-identified" by removing details such as people's names and birthdates, but experts Motherboard spoke to say that scrubbing data so it may never be used to identify an individual is difficult if not impossible.
Programming

Dry.io Wants To Democratize Software Development Using AI (venturebeat.com) 122

An anonymous reader writes: We've seen companies big and small build everything from AI-driven developer tools to AI-powered developer environments. But what if instead of having AI merely help developers write code, it did all the heavy lifting? Dry.io, a developer playground that helps you write web apps using just a few lines of code, began accepting signups today for its first wave of external testing. The programmable software platform lets you set the parameters of what you want to build, "and the AI takes care of the rest."
Programming

Drupal 7 Will Reach End-of-Life in November of 2021 (drupal.org) 46

Drupal 7, which was first released in January 2011, will reach end of life (EOL) in November of 2021, the Drupal Association said today. What this means for your Drupal 7 sites is, as of November 2021:
1. Drupal 7 will no longer be supported by the community at large. The community at large will no longer create new projects, fix bugs in existing projects, write documentation, etc. around Drupal 7.
2. There will be no more core commits to Drupal 7.
3. The Drupal Security Team will no longer provide support or Security Advisories for Drupal 7 core or contributed modules, themes, or other projects. Reports about Drupal 7 vulnerabilities might become public creating 0 day exploits.
4. All Drupal 7 releases on all project pages will be flagged as not supported. Maintainers can change that flag if they desire to.
5. On Drupal 7 sites with the update status module, Drupal Core will show up as unsupported.
6. After November 2021, using Drupal 7 may be flagged as insecure in 3rd party scans as it no longer gets support.
7. Best practice is to not use unsupported software, it would not be advisable to continue to build new Drupal 7 sites.
8. Now is the time to start planning your migration to Drupal 8.

Education

Bill Gates, Amazon and Google Urge Followers To Share Data On Teacher Friends 65

theodp writes: Facebook may be facing the threat of a multi-billion dollar FTC fine for privacy lapses that included allowing companies to obtain users' email addresses from their friends, but that didn't discourage Bill Gates from taking to Twitter to urge his 46.5 million followers to give up the names and email addresses of teachers so they can be contacted by tech-bankrolled Code.org for a chance to receive a "Computer Science Scholarship" (attend Professional Development workshops). Or Amazon. Or Google. "The success of our professional learning program depends on the work of our partners to spread the word," explained Code.org in a Medium Post. "Corporate partners like Amazon, Infosys, and Google are rallying their employees and communities to nominate a teacher, and so are fellow teachers, parents, and students. We couldn't do it without you! [...] Code.org (and these scholarships) are supported by: Amazon, Bill and Melinda Gates Foundation, Facebook, Google, Infosys Foundation USA, Microsoft [...] Code.org has prepared almost 100,000 educators to teach our courses, and they give our program rave reviews. We welcome teachers from all subject areas -- no CS experience needed!"

In May, Code.org announced it was crowdsourcing a database of U.S. K-12 schools that teach -- or don't teach -- CS, with a goal to "gather data for 100% of U.S. schools by the end of 2018." The database would be used by the nonprofit and the CS community to "make our shared vision [for every school to teach computer science] a reality." Several months later, Amazon disclosed its involvement with the data collection effort, explaining it "will help us bring access to the schools that need it most." Amazon on Thursday announced it had selected 1,000 high schools to receive Amazon-funded CS classes and will be tapping another lucky 1,000 schools in the next few months. An Amazon press release said the company hopes to "inspire and educate 10 million children and young adults each year from underprivileged, underrepresented, and underserved communities to pursue careers in the fast-growing field of computer science and coding" through its Amazon Future Engineer program, which the e-tailer describes as "a four-part, childhood-to-career program."
Desktops (Apple)

Apple Expected To Move Mac Line To Custom ARM-Based Chips Starting Next Year, Says Report (axios.com) 356

Developers and Intel officials have told Axios that Apple is expected to move its Mac line to custom ARM-based chips as soon as next year. "Bloomberg offered a bit more specificity on things in a report on Wednesday, saying that the first ARM-based Macs could come in 2020, with plans to offer developers a way to write a single app that can run across iPhones, iPads and Macs by 2021," reports Axios. "The first hints of the effort came last year when Apple offered a sneak peek at its plan to make it easier for developers to bring iPad apps to the Mac." From the report: If anything, the Bloomberg timeline suggests that Intel might actually have more Mac business in 2020 than some had been expecting. The key question is not the timeline but just how smoothly Apple is able to make the shift. For developers, it will likely mean an awkward period of time supporting new and classic Macs as well as new and old-style Mac apps. The move could give developers a way to reach a bigger market with a single app, although the transition could be bumpy. For Intel, of course, it would mean the loss of a significant customer, albeit probably not a huge hit to its bottom line.
Software

Lessons From Six Software Rewrite Stories (medium.com) 118

A new take on the age-old question: Should you rewrite your application from scratch, or is that "the single worst strategic mistake that any software company can make"? Turns out there are more than two options for dealing with a mature codebase. Herb Caudill: Almost two decades ago, Joel Spolsky excoriated Netscape for rewriting their codebase in his landmark essay Things You Should Never Do. He concluded that a functioning application should never, ever be rewritten from the ground up. His argument turned on two points: The crufty-looking parts of the application's codebase often embed hard-earned knowledge about corner cases and weird bugs. A rewrite is a lengthy undertaking that keeps you from improving on your existing product, during which time the competition is gaining on you.

For many, Joel's conclusion became an article of faith; I know it had a big effect on my thinking at the time. In the following years, I read a few contrarian takes arguing that, under certain circumstances, it made a lot of sense to rewrite from scratch. For example: Sometimes the legacy codebase really is messed up beyond repair, such that even simple changes require a cascade of changes to other parts of the code. The original technology choices might be preventing you from making necessary improvements. Or, the original technology might be obsolete, making it hard (or expensive) to recruit quality developers.

The correct answer, of course, is that it depends a lot on the circumstances. Yes, sometimes it makes more sense to gradually refactor your legacy code. And yes, sometimes it makes sense to throw it all out and start over. But those aren't the only choices. Let's take a quick look at six stories, and see what lessons we can draw.

Programming

Slashdot Asks: What Are Some Programming Books You Wish You Had Read Earlier? 137

A blog post from developer turned writer Marty Jacobs caught my attention earlier this morning. In the post, Jacobs has listed some of the programming books he says he wishes he had discovered and read much sooner. He writes, "There are so many programming books out there, sometimes it's hard to know what books are best. Programming itself is so broad and there are so many concepts to learn." You can check out his list here. I was curious what books you would include if you were to make a similar list.
Programming

Experts Find Serious Problems With Switzerland's Online Voting System (vice.com) 63

An anonymous reader quotes a report from Motherboard: Switzerland made headlines this month for the transparency of its internet voting system when it launched a public penetration test and bug bounty program to test the resiliency of the system to attack. But after source code for the software and technical documentation describing its architecture were leaked online last week, critics are already expressing concern about the system's design and about the transparency around the public test. Cryptography experts who spent just a few hours examining the leaked code say the system is a poorly constructed and convoluted maze that makes it difficult to follow what's going on and effectively evaluate whether the cryptography and other security measures deployed in the system are done properly.

"Most of the system is split across hundreds of different files, each configured at various levels," Sarah Jamie Lewis, a former security engineer for Amazon as well as a former computer scientist for England's GCHQ intelligence agency, told Motherboard. "I'm used to dealing with Java code that runs across different packages and different teams, and this code somewhat defeats even my understanding." She said the system uses cryptographic solutions that are fairly new to the field and that have to be implemented in very specific ways to make the system auditable, but the design the programmers chose thwarts this. "It is simply not the standard we would expect," she told Motherboard. [...] It isn't just outside attackers that are a concern; the system raises the possibility for an insider to intentionally misconfigure the system to make it easier to manipulate, while maintaining plausible deniability that the misconfiguration was unintentional.
"Someone could wire the thing in the wrong place and suddenly the system is compromised," said Lewis, who is currently executive director of the Open Privacy Research Society, a Canadian nonprofit that develops secure and privacy-enhancing software for marginalized communities. "And when you're talking about code that is supposed to be protecting a national election, that is not a statement someone should be able to make." "You expect secure code to be defensively written that would prevent the implementers of the code from wiring it up incorrectly," Lewis told Motherboard. But instead of building a system that doesn't allow for this, the programmers simply added a comment to their source code telling anyone who compiles and implements it to take care to configure it properly, she said.

The online voting system was developed by Swiss Post, the country's national postal service, and the Barcelona-based company Scytl. "Scytl claims the system uses end-to-end encryption that only the Swiss Electoral Board would be able to decrypt," reports Motherboard. "But there are reasons to be concerned about such claims."
Piracy

Oracle Claims a Fighter of Pirated Apps is a Front For Ad Fraud (adage.com) 28

A company that claims to combat app piracy is a pirate itself, according to a report Oracle released this week. From a report: Oracle claims the company, Tapcore, has been perpetrating a massive ad fraud on Android devices by infecting apps with software that rings up fake ad impressions and drains people's data. Based in The Netherlands, Tapcore works with developers to identify when apps are pirated and then enables developers to make money from those bootleg copies by serving ads. Oracle says that Tapcore's anti-piracy code was a Trojan horse that was generating fake mobile websites to trick ad serving platforms into paying them for non-existent ad inventory.

"The code is delivering a steady stream of invisible video ads and spoofing domains," Dan Fichter, VP of software development at Oracle Data Cloud, tells Ad Age. "On all those impressions it looked like the advertiser was running ads on legitimate mobile websites. Not only were they not on a website, they were on an invisible web browser." On its website, Tapcore says it works with more than 3,000 apps, serving 150 million ad impressions a day. The apps whose pirated versions it has worked with include titles like "Perfect 365," "Draw Clash of Clans," "Vertex" and "Solitaire: Season 4," according to Oracle's report.

Google

Google Is Expected To Reveal Game Streaming Service At GDC In March (extremetech.com) 59

Google has sent out invites to this year's Game Developers Conference (GDC) press event, where the company is expected to unveil a new game streaming product. ExtremeTech reports: There have been rumors about a Google game stream product or service for several years. Initially, leaks pointed to a hardware platform called Yeti that would stream games to a connected display. In late 2018, Google rolled out a game streaming test called Project Stream. To publicize the demo, it worked with Ubisoft to give everyone free access to the new Assassin's Creed Odyssey. Google wrapped up Project Stream in early 2019, offering players a free copy of Assassin's Creed Odyssey as thanks. Of course, you'd need a real gaming PC to run that version.

Google's GDC event will take place on March 19th at 10 AM Pacific. All we know for sure is that Google is there to talk about a gaming project. It just seems extremely likely that it will be a new phase for Project Stream. It might remain browser-only, but Google does have a giant network of TVs out there with Chromecast streaming dongles plugged in. If it could leverage those to stream games, it could instantly have as many eyeballs as Sony or Microsoft.

Desktops (Apple)

Apple To Target Combining iPhone, iPad and Mac Apps by 2021: Report (bloomberg.com) 124

Mark Gurman, reporting for Bloomberg: Apple wants to make it easier for software coders to create tools, games and other applications for its main devices in one fell swoop -- an overhaul designed to encourage app development and, ultimately, boost revenue. The ultimate goal of the multistep initiative, code-named "Marzipan," is by 2021 to help developers build an app once and have it work on the iPhone, iPad and Mac computers, said people familiar with the effort. That should spur the creation of new software, increasing the utility of the company's gadgets.

Later this year, Apple plans to let developers port their iPad apps to Mac computers via a new software development kit that the company will release as early as June at its annual developer conference. Developers will still need to submit separate versions of the app to Apple's iOS and Mac App Stores, but the new kit will mean they don't have to write the underlying software code twice, said the people familiar with the plan. In 2020, Apple plans to expand the kit so iPhone applications can be converted into Mac apps in the same way.
Further reading: Tim Cook, in April 2018: Users Don't Want iOS To Merge With MacOS.
Privacy

Proposed Bill Would Force Arizonians To Pay $250 To Have Their DNA Added To a Database (gizmodo.com) 357

technology_dude writes: One by one, thresholds are being crossed where the collection and storage of personal data is accepted as routine. Being recorded by cameras at business locations, in public transportation, in schools, churches, and every other place imaginable. Recent headlines include "Singapore Airlines having cameras built into the seat back of personal entertainment systems," and "Arizona considering a bill to force some public workers to give up DNA samples (and even pay for it)." It seems to be a daily occurrence where we have crossed another line in how far we will go to accept massive surveillance as normal. Do we even have a line in the sand that we would defend? Do we even see anything wrong with it? Absolute power corrupts absolutely and we continue to give knowledge of our personal lives (power) to others. If we continue down the same path, I suppose we deserve what we get? I want to shout "Stop the train, I want off!" but I fear my plea would be ignored. So who out there is more optimistic than I and can recommend some reading that will give me hope? Bill 1475 was introduced by Republican State Senator David Livingston and would require teachers, police officers, child day care workers, and many others to submit their DNA samples along with fingerprints to be stored in a database maintained by the Department of Public Safety. "While the database would be prohibited from storing criminal or medical records alongside the DNA samples, it would require the samples be accompanied by the person's name, Social Security number, date of birth and last known address," reports Gizmodo. "The living will be required to pay [a $250 processing fee] for this invasion of their privacy, but any dead body that comes through a county medical examiner's office would also be fair game to be entered into the database."
Programming

Programming Interview Questions Are Too Hard and Too Short (triplebyte.com) 463

Programming interview questions can feel unnecessarily difficult. Sometimes they actually are, a new study has found. And this isn't just because they make interviews excessively stressful. The study shows that harder programming questions actually do a worse job of predicting final outcomes than easier ones. From the study: Programming under time pressure is difficult. This is especially true during interviews. A coding exercise that would seem simple under normal circumstances somehow becomes a formidable challenge under the bright lights of an interview room. Stress hormones cloud your thinking during interviews (even though, sadly, neither fight nor flight is an effective response to a menacing programming problem). And it can almost feel like the questions are designed to be perversely difficult. I actually think this is more than just a feeling.

Interview questions are designed to be hard. Because the cost of hiring a bad engineer is so much higher than the cost of rejecting a good engineer, companies are incentivized to set a high bar. And for most companies that means asking hard questions. Intuitively this makes sense because harder questions seem like they should result in a more rigorous screening process. But intuition turns out to be a poor guide here. Our data shows that harder questions are actually less predictive than relatively easy ones.
Further reading: Programmers Are Confessing Their Coding Sins To Protest a Broken Job Interview Process.
AI

Deep Learning May Need a New Programming Language That's More Flexible Than Python, Facebook's Chief AI Scientist Says (venturebeat.com) 263

Deep learning may need a new programming language that's more flexible and easier to work with than Python, Facebook AI Research director Yann LeCun said today. From an interview: It's not yet clear if such a language is necessary, but the possibility runs against very entrenched desires from researchers and engineers, he said. LeCun has worked with neural networks since the 1980s. "There are several projects at Google, Facebook, and other places to kind of design such a compiled language that can be efficient for deep learning, but it's not clear at all that the community will follow, because people just want to use Python," LeCun said in a phone call with VentureBeat. "The question now is, is that a valid approach?" Further reading: Facebook joins Amazon and Google in AI chip race.
Software

US Labor Organization AFL-CIO Urges Game Developers To Unionize In Open Letter (gamasutra.com) 158

An anonymous reader quotes a report from Gamasutra: In the wake of Activision Blizzard's massive layoff wave, a move that was announced in the same call as the company's record quarter, the union federation AFL-CIO has published an open letter to game developers urging members of the industry to organize. The AFL-CIO itself is the largest labor organization in the United States and counts 55 individual unions (and more than 12.5 million workers) among its affiliates. The letter, readable in full on Kotaku, calls out many of the issues that have prompted conversations about unionization in just recent years like excessive crunch, toxic work conditions, inadequate pay, and job instability. The industry, points out AFL-CIO's secretary-treasurer Liz Shuler, boasted sales 3.6 times greater than those of the film industry in 2018, yet much of that financial success isn't felt by the developers working on the games that generate those billions. "Executives are always quick to brag about your work. It's the talk of every industry corner office and boardroom. They pay tribute to the games that capture our imaginations and seem to defy economic gravity. They talk up the latest innovations in virtual reality and celebrate record-smashing releases, as your creations reach unparalleled new heights," says Shuler.

"My question is this: what have you gotten in return? They get rich. They get notoriety. They get to be crowned visionaries and regarded as pioneers. What do you get? Outrageous hours and inadequate paychecks. Stressful, toxic work conditions that push you to your physical and mental limits. The fear that asking for better means risking your dream job. [...] Change will happen when you gain leverage by joining together in a strong union. And, it will happen when you use your collective voice to bargain for a fair share of the wealth you create every day. No matter where you work, bosses will only offer fair treatment when you stand together and demand it."
PlayStation (Games)

Developers Accuse Sony of 'Playing Favorites' With PS4's Cross-Platform Support (arstechnica.com) 20

After years of fighting the idea, Sony announced last September it is finally bringing "cross-platform gameplay, progression, and commerce" to the PlayStation Network, with Fortnite as the first example. Months later, the company's efforts have yet to gain wide traction and now we may have identified the bottleneck: Sony. Several major third-party developers have accused the company of standing in the way of letting the PS4 versions of their games play nicely with other platforms. ArsTechnica reports: "We just launched Wargroove with crossplay between PC, Switch, and Xbox," Chucklefish CEO Finn "Tiy" Brice wrote on the ResetEra forums. "We made many requests for crossplay (both through our [Sony] account manager and directly with higher-ups) all the way up until release month. We were told in no uncertain terms that it was not going to happen." Brice's comments came days after new Hi-Rez Studios CEO Stew Chisam tweeted at Sony that the studio was "ready to go when you are" for cross-play on Smite, Paladins, and Realm Royale. "It's time to stop playing favorites and tear down the crossplay/progression wall for everyone," he said.

In a follow-up tweet, Chisam explained that Xbox/Switch cross-play has led to a direct improvement in the Paladins online user experience, including reduced wait times, more balanced matchmaking, and fewer "bad" matches overall. Brice's comments in particular come in direct response (and contradiction) to a recent Game Informer interview in which Sony Interactive Entertainment chairman Shawn Layden said that cross-play was open to pretty much any PS4 developer that wants it.

Android

Google Play Store App Rejections Up 55% From Last Year, App Suspensions Up 66% (zdnet.com) 23

In a year-in-review announcement today, Google said Play Store app rejections went up 55% last year after the OS maker tightened up its app review process. From a report: Similarly, stats for app suspensions also went up, by more than 66%, according to Google, which the company credited to its continued investment in "automated protections and human review processes that play critical roles in identifying and enforcing on bad apps." One of the most significant roles in the automated systems cited by Google in identifying malware is the Google Play Protect service, which is currently included by default with the official Play Store app. Google said this service now scans over 50 billion apps per day, and even goes as far as downloading and scanning every Android app it finds on the internet.

[...] Play Store's automated systems are now getting better and better at detecting threats, so much so that Google is now seeing clear patterns. "We find that over 80% of severe policy violations are conducted by repeat offenders and abusive developer networks," Ahn said. "When malicious developers are banned, they often create new accounts or buy developer accounts on the black market in order to come back to Google Play."

Intel

Researchers Use Intel SGX To Put Malware Beyond the Reach of Antivirus Software (arstechnica.com) 63

An anonymous reader shares an excerpt from an Ars Technica report: Researchers have found a way to run malicious code on systems with Intel processors in such a way that the malware can't be analyzed or identified by antivirus software, using the processor's own features to protect the bad code. As well as making malware in general harder to examine, bad actors could use this protection to, for example, write ransomware applications that never disclose their encryption keys in readable memory, making it substantially harder to recover from attacks. The research, performed at Graz University of Technology by Michael Schwarz, Samuel Weiser, and Daniel Gruss (one of the researchers behind last year's Spectre attack), uses a feature that Intel introduced with its Skylake processors called SGX ("Software Guard eXtensions"). SGX enables programs to carve out enclaves where both the code and the data the code works with are protected to ensure their confidentiality (nothing else on the system can spy on them) and integrity (any tampering with the code or data can be detected). The contents of an enclave are transparently encrypted every time they're written to RAM and decrypted upon being read. The processor governs access to the enclave memory: any attempt to access the enclave's memory from code outside the enclave is blocked; the decryption and encryption only occurs for the code within the enclave.

SGX has been promoted as a solution to a range of security concerns when a developer wants to protect code, data, or both, from prying eyes. For example, an SGX enclave running on a cloud platform could be used to run custom proprietary algorithms, such that even the cloud provider cannot determine what the algorithms are doing. On a client computer, the SGX enclave could be used in a similar way to enforce DRM (digital rights management) restrictions; the decryption process and decryption keys that the DRM used could be held within the enclave, making them unreadable to the rest of the system. There are biometric products on the market that use SGX enclaves for processing the biometric data and securely storing it such that it can't be tampered with. SGX has been designed for this particular threat model: the enclave is trusted and contains something sensitive, but everything else (the application, the operating system, and even the hypervisor) is potentially hostile. While there have been attacks on this threat model (for example, improperly written SGX enclaves can be vulnerable to timing attacks or Meltdown-style attacks), it appears to be robust as long as certain best practices are followed.

AI

Ubisoft And Mozilla Announce AI Coding Assistant Clever-Commit (variety.com) 40

Video game publisher Ubisoft is working with Mozilla to develop an AI coding assistant called Clever-Commit, head of Ubisoft La Forge Yves Jacquier announced during DICE Summit 2019 on Tuesday. From a report: Clever-Commit reportedly helps programmers evaluate whether or not a code change will introduce a new bug by learning from past bugs and fixes. The prototype, called Commit-Assistant, was tested using data collected during game development, Ubisoft said, and it's already contributing to some major AAA titles. The publisher is also working on integrating it into other brands. "Working with Mozilla on Clever-Commit allows us to support other programming languages and increase the overall performances of the technology. Using this tech in our games and Firefox will allow developers to be more productive as they can spend more time creating the next feature rather than fixing bugs. Ultimately, this will allow us to create even better experiences for our gamers and increase the frequency of our game updates," said Mathieu Nayrolles, technical architect, data scientist, and member of the Technological Group at Ubisoft Montreal.
IBM

IBM Says Watson AI Services Will Now Work on Any Cloud (reuters.com) 16

IBM announced on Tuesday that some of its Watson AI services will now work on rival cloud computing providers as it seeks to win over customers that want greater flexibility in how they store and analyze data. From a report: The announcement builds on IBM's moves to position its services as compatible with nearly any form of computer infrastructure a customer wants to operate. Other efforts include a pending acquisition of open-source software company Red Hat for $34 billion. With the change, companies will be able to use Watson AI tools such as Watson Assistant, which can help them develop conversational services such as a virtual customer service agent, in mobile apps hosted on Amazon and Microsoft as well as IBM servers.
