Security

Hacker Shuts Down Copenhagen's Public City Bikes System (bleepingcomputer.com) 72

An anonymous reader writes: "An unidentified hacker has breached Bycyklen -- Copenhagen's city bikes network -- and deleted the organization's entire database, disabling the public's access to bicycles over the weekend," reports Bleeping Computer. "The hack took place on the night between Friday, May 4, and Saturday, May 5, the organization said on its website. Bycyklen described the hack as "rather primitive," alluding it may have been carried out "by a person with a great deal of knowledge of its IT infrastructure." Almost 2,000 bikes were affected, and the company's employees have been working for days, searching for bikes docked across the city and installing a manual update to restore functionality. The company is holding a "treasure hunt," asking users to hunt down and identify non-functional bikes.
Education

Carnegie Mellon Launches Undergraduate Degree In AI (cmu.edu) 76

Earlier this week, Carnegie Mellon University announced plans to offer an undergrad degree in artificial intelligence. The news may be especially attractive for students given how much tech giants have been ramping up their AI efforts in recent years, and how U.S. News & World Report ranked Carnegie Mellon University as the No. 1 graduate school for AI. An anonymous reader shares the announcement with us: Carnegie Mellon University's School of Computer Science will offer a new undergraduate degree in artificial intelligence beginning this fall, providing students with in-depth knowledge of how to transform large amounts of data into actionable decisions. SCS has created the new AI degree, the first offered by a U.S. university, in response to extraordinary technical breakthroughs in AI and the growing demand by students and employers for training that prepares people for careers in AI.

The bachelor's degree program in computer science teaches students to think broadly about methods that can accomplish a wide variety of tasks across many disciplines, said Reid Simmons, research professor of robotics and computer science and director of the new AI degree program. The bachelor's degree in AI will focus more on how complex inputs -- such as vision, language and huge databases -- are used to make decisions or enhance human capabilities, he added. AI majors will receive the same solid grounding in computer science and math courses as other computer science students. In addition, they will have additional course work in AI-related subjects such as statistics and probability, computational modeling, machine learning, and symbolic computation. Simmons said the program also would include a strong emphasis on ethics and social responsibility. This will include independent study opportunities in using AI for social good, such as improving transportation, health care or education.

Software

Apple Cracking Down On Apps That Send Location Data To Third Parties (9to5mac.com) 28

Apple has been removing some apps that share location data with third parties and informing developers that their app violates two parts of the App Store Review Guidelines. "The company informs developers via email that 'upon re-evaluation,' their application is in violation of sections 5.1.1 and 5.1.2 of the App Store Review Guidelines, which pertain to transmitting user location data and user awareness of data collection," reports 9to5Mac. From the report: Apple explains that developers must remove any code, frameworks, or SDKs that relate to the violation before their app can be resubmitted to the App Store. Apple's crackdown on these applications comes amid a growing industry shift due to General Data Protection Regulation, or GDPR, in the European Union. While Apple has always been a privacy-focused company, it is seemingly looking to ensure that developers take the same care of user data.

In the instances we've seen, the apps in question don't do enough to inform users about what happens with their data. In addition to simply asking for permission, Apple appears to want developers to explain what the data is used for and how it is shared. Furthermore, the company is cracking down on instances where the data is used for purposes unrelated to improving the user experience.

Chrome

In Blocking Autoplay Videos, Chrome Is Breaking Many Web-Based Games (arstechnica.com) 77

An anonymous reader quotes a report from Ars Technica: An update Google rolled out for its popular Chrome browser this weekend helps prevent those annoying auto-playing video ads on many websites from disturbing your day with unwanted sound as well. But that update is causing consternation for many Web-based game developers who are finding that the change completely breaks the audio in their online work. The technical details behind the problem involve the way Chrome handles WebAudio objects, which are now automatically paused when a webpage starts up, stymying auto-playing ads. To get around this, Web-based games now have to actively restart that pre-loaded audio object when the player makes an action to start the game, even if that audio wasn't autoplaying beforehand. "The standard doesn't require you to do this, so no one would have thought to do this before today," developer Andi McClure told Ars Technica. "With Chrome's new autoplay policies, developers shouldn't assume that audio can be played before a user gesture," Google told The Daily Dot in a statement. "With gaming in Chrome, this may affect Web Audio. We have shared details on what developers can do to address this, and the design for the policy was published last year."
Crime

Police Drop Charges Filed Against 19-Year-Old Archivist For Downloading FOIA Releases (techdirt.com) 154

An anonymous reader quotes a report from Techdirt: Last month, [...] an unnamed 19-year-old was facing criminal charges for downloading publicly-available documents from a government Freedom of Information portal. The teen had written a script to fetch all available documents from Nova Scotia's government FOI site -- a script that did nothing more than increment digits at the end of the URL to find everything that had been uploaded by the government. The government screwed up. It uploaded documents to the publicly-accessible server that hadn't been redacted yet. It was a very small percentage of the total haul -- 250 of the 7,000 docs obtained -- but the government made a very big deal out of it after discovering they had been accessed.

Fortunately, Nova Scotia law enforcement has decided there's nothing to pursue in this case: "In an email to CBC News, Halifax police Supt. Jim Perrin did not mention what kind of information police were given from the province, but he said it was a 'high-profile case that potentially impacted many Nova Scotians.' 'As the investigation evolved, we have determined that the 19-year-old who was arrested on April 11 did not have intent to commit a criminal offense by accessing the information,' Perrin said in the email."

Security

Equifax's Data Breach By the Numbers: 146 Million Social Security Numbers, 99 Million Addresses, and More (theregister.co.uk) 69

Several months after the data breach was first reported, Equifax has published the details on the personal records and sensitive information stolen in the cybersecurity incident. "The good news: the number of individuals affected by the network intrusion hasn't increased from the 146.6 million Equifax previously announced, but extra types of records accessed by the hackers have turned up in Mandiant's ongoing audit of the security breach," reports The Register. From the report: Late last week, the company gave the numbers in letters to the various U.S. congressional committees investigating the network infiltration, and on Monday, it submitted a letter to the SEC, corporate America's financial watchdog. As well as the -- take a breath -- 146.6 million names, 146.6 million dates of birth, 145.5 million social security numbers, 99 million address information and 209,000 payment cards (number and expiry date) exposed, the company said there were also 38,000 American drivers' licenses and 3,200 passport details lifted, too.

The further details emerged after Mandiant's investigators helped "standardize certain data elements for further analysis to determine the consumers whose personally identifiable information was stolen." The extra data elements, the company said, didn't involve any individuals not already known to be part of the super-hack, so no additional consumer notifications are required.

Programming

Microsoft Adds Support For JavaScript Functions in Excel (bleepingcomputer.com) 171

An anonymous reader shares a report: At the Build 2018 developer conference that's taking place these days in Seattle, USA, Microsoft announced support for custom JavaScript functions in Excel. What this means is that Excel users will be able to use JavaScript code to create a custom Excel formula that will appear in Excel's default formula database. Users will then be able to insert and call these formulas from within Excel spreadsheets, but have a JavaScript interpreter compute the spreadsheet data instead of Excel's native engine. "Office developers have been wanting to write JavaScript custom functions for many reasons," Microsoft says, "such as: (1) Calculate math operations, like whether a number is prime. (2) Bring information from the web, like a bank account balance. (3) Stream live data, like a stock price."
Microsoft

Microsoft Hopes Money Will Entice More Developers (engadget.com) 134

At the Build conference, Microsoft announced that starting later this year, all consumer apps (except games) sold in the Microsoft Store will ship a whopping 95 percent of the revenue earned from app and in-app purchases to the developer. From a report: That is, if the customer purchases the app via a deep or direct link. If the customer gets your app via a Microsoft-assisted method, like getting featured on the Microsoft Store, then devs will get 85 percent of the revenue, which is still a pretty good amount.
GNU is Not Unix

GCC 8.1 Compiler Introduces Initial C++20 Support (gnu.org) 90

"Are you tired of your existing compilers? Want fresh new language features and better optimizations?" asks an announcement on the GCC mailing list touting "a major release containing substantial new functionality not available in GCC 7.x or previous GCC releases."

An anonymous reader writes: GNU has released the GCC 8.1 compiler with initial support for the C++20 (C++2A) revision of C++ currently under development. This annual update to the GNU Compiler Collection also comes with many other new features/improvements including but not limited to new ARM CPU support, support for next-generation Intel CPUs, AMD HSA IL, and initial work on Fortran 2018 support.
China

China's Bungled Drone Display Breaks World Record (bbc.com) 67

Chinese company EHang has broken the Guinness World Record for the most drones flown simultaneously, despite them failing to coordinate for a light show. The company programmed a fleet of 1,374 drones to fly in set patterns, "but failed to spell out the date and the record-setting number of drones," reports the BBC. From the report: The South China Morning Post called the event an "epic fail." The record was previously held by U.S. technology company Intel, which flew 1,218 aircraft at the 2018 Pyeongchang Winter Olympic Games in February. Intel's show was pre-recorded before being aired during the opening ceremony, due to "possible freezing weather and strong winds." According to the South China Morning Post, EHang was paid 10.5 million yuan ($1.65 million) for the Labor Day performance in the north-western city of Xi'an. You can watch a video of the drone display here.
Cloud

Google Releases Open Source Framework For Building 'Enclaved' Apps For Cloud (arstechnica.com) 21

An anonymous reader quotes a report from Ars Technica: Today, Google is releasing an open source framework for the development of "confidential computing" cloud applications -- a software development kit that will allow developers to build secure applications that run across multiple cloud architectures even in shared (and not necessarily trusted) environments. The framework, called Asylo, is currently experimental but could eventually make it possible for developers to address some of the most basic concerns about running applications in any multi-tenant environment. Container systems like Docker and Kubernetes are designed largely to allow untrusted applications to run without exposing the underlying operating system to badness. Asylo (Greek for "safe place") aims to solve the opposite problem -- allowing absolutely trusted applications to run in "Trusted Execution Environments" (TEEs), which are specialized execution environments that act as enclaves and protect applications from attacks on the underlying platform they run on.
Programming

One Of LLVM's Top Contributors Quits Development Over Code of Conduct, Outreach Program (phoronix.com) 1235

Rafael Avila de Espindola is the fifth most active contributor to LLVM with more than 4,300 commits since 2006, but now he has decided to part ways with the project. From a report: Rafael posted a rather lengthy mailing list message to fellow LLVM developers today entitled I am leaving llvm. He says the reason for abandoning LLVM development after 12 years is due to changes in the community. In particular, the "social injustice" brought on by the organization's new LLVM Code of Conduct and its decision to participate in this year's Outreachy program to encourage women and other minority groups to get involved with free software development. "I am definitely sad to lose Rafael from the LLVM project, but it is critical to the long term health of the project that we preserve an inclusive community. I applaud Rafael for standing by his personal principles, this must have been a hard decision," Chris Lattner tweeted Thursday.
Education

Ask Slashdot: What Should I Study? 214

A fellow Slashdot reader is seeking advice on a new field of study: After many years at the same company, I'm now thinking of a change. At my current place of work, I have worked on many different projects, from server side development, to UI development, and most recently, a lot of data science work. If I were to rate myself, I consider myself to be a good developer, thorough, conscientious and always willing to learn new things. Even my recent foray into data science (though not entirely new, since my graduate studies specialized in machine learning) has had reasonable success, and ideally, I'd really like to continue working in this space.

But, I'm starting to feel in a rut and I'm looking for a change. And looking outside my company, I'm not sure how to begin. Should I hit the books again? Should I focus on any specific technologies? I haven't particularly kept up with new technology -- after working for so long, I tend to think of that as something I can learn, when I need to. Any advice on how I should go about preparing for interviews? I'm quite willing to put in a few months of work into prep, so all suggestions are welcome!
Wireless Networking

Researchers Want To Turn Your Entire House Into a Co-Processor Using the Local Wi-Fi Signal (arstechnica.com) 102

An anonymous reader shares an excerpt from a report via Ars Technica: Researchers are proposing an idea to make your computer bigger. They are suggesting an extreme and awesome form of co-processing. They want to turn your entire house into a co-processor using the local Wi-Fi signal. Why, you may be asking, do we even want to do this in the first place? The real answer is to see if we can. But the answer given to funding agencies is thermal management. In a modern processor, if all the transistors were working all the time, it would be impossible to keep the chip cool. Instead, portions of the chip are put to sleep, even if that might mean slowing up a computation. But if, like we do with video cards, we farm out a large portion of certain calculations to a separate device, we might be able to make better use of the available silicon.

So, how do you compute with Wi-Fi in your bedroom? The basic premise is that waves already perform computations as they mix with each other, it's just that those computations are random unless we make some effort to control them. When two waves overlap, we measure the combination of the two: the amplitude of one wave is added to the amplitude of the other. Depending on the history of the two waves, one may have a negative amplitude, while the other may have a positive amplitude, allowing for simple computation. The idea here is to control the path that each wave takes so that, when they're added together, they perform the exact computation that we want them to. The classic example is the Fourier transform. A Fourier transform takes an object and breaks it down into a set of waves. If these waves are added together, the object is rebuilt. You can see an example of this in the animation here.

Facebook

As Controversy Swirls, Facebook Dials Down the Swagger On Its Developer Conference (theverge.com) 26

In recent years, Facebook has used its developer conference -- F8 -- as an opportunity to showcase the most bleeding technologies: Type with your brain. 'Hear' with your skin. And in the event of an emergency, a helicopter to the rescue with some free internet access. But that was a different time. In recent months, the company has faced backlash over the Cambridge Analytica scandal, and reportedly delayed plans to launch an Amazon Echo-like speaker. But perhaps the biggest surprise for developers came this month when Facebook deprecated APIs to limit the amount of data developers had access to -- forcing many to seriously rethink their business model as their existence revolved around access to users' data. So how does the company plan to cherish its developer ecosystem at the two-day long F8 conference starting tomorrow? The Verge reports: The bruising series of events leading up to F8 is expected to produce a more muted affair than in previous years. (Much of the event had to be reworked in recent weeks after the company began shutting down APIs, people familiar with the matter told The Verge.) On one hand, the event, which takes place Tuesday and Wednesday in San Jose, is still very much on. Facebook says it's the biggest F8 ever, with more than 50 sessions available to a record crowd of 5,000 attendees. But the company acknowledges that the event comes at a time when Facebook is radically rethinking its relationship with those developers.

[...] It remains to be seen whether the company will get a warm reception from partners who have been blindsided by the changes. Justin Krause runs a startup named Pod that builds a smart calendar app for iOS. Until this month, the app integrated with Facebook to put events from the social app onto your calendar. Then, in the wake of this month's Congressional hearings, Facebook revoked Pod's access to the calendar API without warning. "They didn't announce that they were revoking this data or send errors -- they just started sending empty lists, silently," Krause said. [...] In any case, it promises to be Facebook's strangest developer conference ever -- it's the only one to be held in the midst of a massive API shutdown.

Programming

Stack Overflow Admits It Hasn't Been Welcoming To 'Newer Coders, Women, People of Color, and Others'; Outlines How It Plans To Change That (stackoverflow.blog) 618

Paul Fernhout writes: Jay Hanlon, executive vice president of culture and experience at Stack Overflow, penned a column on the company's blog last week in which he admitted the "painful truth" that "too many people experience Stack Overflow as a hostile or elitist place, especially newer coders, women, people of color, and others in marginalized groups." Hanlon added, "our employees and community have cared about this for a long time, but we've struggled to talk about it publicly or to sufficiently prioritize it in recent years. And results matter more than intentions." The post adds: "Now, that's not because most Stack Overflow contributors are hostile jerks. The majority of them are generous and kind. Sure, a few are... just generous, I guess? But our active users regularly express their frustration that we haven't done more to make outsiders feel more welcome. The real problem isn't the community -- it's us:

We trained users to tell other users what they're doing wrong, but we didn't provide new folks with the necessary guidance to do it right. We failed to give our regular users decent tools to review content and easily find what they're looking for. We sent mixed messages over the years about whether we're a site for "experts" or for anyone who codes."

Books

New Book Describes 'Bluffing' Programmers in Silicon Valley (theguardian.com) 292

Long-time Slashdot reader Martin S. pointed us to this excerpt from the new book Live Work Work Work Die: A Journey into the Savage Heart of Silicon Valley by Portland-based investigative reporter Corey Pein.

The author shares what he realized at a job recruitment fair seeking Java Legends, Python Badasses, Hadoop Heroes, "and other gratingly childish classifications describing various programming specialities." I wasn't the only one bluffing my way through the tech scene. Everyone was doing it, even the much-sought-after engineering talent. I was struck by how many developers were, like myself, not really programmers, but rather this, that and the other. A great number of tech ninjas were not exactly black belts when it came to the actual onerous work of computer programming. So many of the complex, discrete tasks involved in the creation of a website or an app had been automated that it was no longer necessary to possess knowledge of software mechanics. The coder's work was rarely a craft. The apps ran on an assembly line, built with "open-source", off-the-shelf components. The most important computer commands for the ninja to master were copy and paste...

[M]any programmers who had "made it" in Silicon Valley were scrambling to promote themselves from coder to "founder". There wasn't necessarily more money to be had running a startup, and the increase in status was marginal unless one's startup attracted major investment and the right kind of press coverage. It's because the programmers knew that their own ladder to prosperity was on fire and disintegrating fast. They knew that well-paid programming jobs would also soon turn to smoke and ash, as the proliferation of learn-to-code courses around the world lowered the market value of their skills, and as advances in artificial intelligence allowed for computers to take over more of the mundane work of producing software. The programmers also knew that the fastest way to win that promotion to founder was to find some new domain that hadn't yet been automated. Every tech industry campaign designed to spur investment in the Next Big Thing -- at that time, it was the "sharing economy" -- concealed a larger programme for the transformation of society, always in a direction that favoured the investor and executive classes.

"I wasn't just changing careers and jumping on the 'learn to code' bandwagon," he writes at one point. "I was being steadily indoctrinated in a specious ideology."
Java

Oracle Sets End Date for Business Java 8 Updates (infoworld.com) 85

An anonymous reader quotes InfoWorld: Further clarifying its ongoing support plans for Java SE 8, Oracle will require businesses to have a commercial license to get updates after January 2019. In an undated bulletin about the revision, Oracle said public updates for Java SE 8 released after January 2019 will not be available for business, commercial, or production use without a commercial license. However, public updates for Java SE 8 will be available for individual, personal use through at least the end of 2020.

Oracle advises enterprises to review the Oracle Java SE Support Roadmap to assess support requirements to migrate to a later release or obtain a commercial license... Oracle advises developers to review roadmaps for Java SE 8 and beyond and take appropriate action based on their application and its distribution model.

Programming

Go Programming Language Gets A New Logo and Branding (golang.org) 120

After an "extensive design process," the Go programming language has a "new look and logo," according to Google's lead for Go developer relations, product, and strategy. (Promising that this won't affect Go's gopher mascot.) Our logo follows the brand's core philosophy of simplicity over complexity... The circular shape of the letters hints at the eyes of the Go gopher, creating a familiar shape and allowing the mark and the mascot to pair well together... In addition to our brand guide we have also developed a presentation theme. This presentation theme will enable us to have a consistent representation of Go in person at meetups and conferences as well as online.

Go community members are welcome to use this theme for their own presentations. The presentations are available as Google Slides presentations. We chose Google Slides as it is easy to share and maintain updates. People are welcome to port them to keynote, PowerPoint, etc. Like this blog and all our gopher images, the slide themes are Creative Commons Attribution 3.0 licensed... The brand guide, logo and themes are copyrighted by the Go authors. The brand guide contains the guidelines for acceptable logo use.

It's been more than eight years since the language's launch, and "we wanted the Go brand to reflect where we have been and convey where we are going."
Programming

Drupal Warns of New Remote-Code Bug, the Second in Four Weeks (arstechnica.com) 50

For the second time in a month, websites that use the Drupal content management system are confronted with a stark choice: install a critical update or risk having your servers infected with ransomware or other nasties. From a report: Maintainers of the open-source CMS built on the PHP programming language released an update patching a critical remote-code vulnerability on Wednesday. The bug, formally indexed as CVE-2018-7602, exists within multiple subsystems of Drupal 7.x and 8.x. Drupal maintainers didn't provide details on how the vulnerability can be exploited other than to say attacks work remotely. The maintainers rated the vulnerability "critical" and urged websites to patch it as soon as possible.
