DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 internet speed test! ×
Bitcoin

The Promise of Blockchain Is a World Without Middlemen (hbr.org) 73

dryriver writes: The Harvard Business Review has an interesting article about how Blockchain technology may bring down the cost of business transactions and enable new ways of doing things: "Consider the problem that small manufacturers have dealing with giants like Wal-Mart. To keep transaction costs and the costs of carrying each product line down, large companies generally only buy from companies that can service a substantial percentage of their customers. But if the cost of carrying a new product was tiny, a much larger number of small manufacturers might be included in the value network. Amazon carries this approach a long way, with enormous numbers of small vendors selling through the same platform, but the idea carried to its limit is eBay and Craigslist, which bring business right down to the individual level. While it's hard to imagine a Wal-Mart with the diversity of products offered by Amazon or even eBay, that is the kind of future we are moving into." "Decentralization" is the idea that a database works like a network "that's shared with everybody in the world, where anyone and anything can connect to it," writes Vinay Gupta for Harvard Business Review. "Decentralization offers the promise of nearly friction-free cooperation between members of complex networks that can add value to each other by enabling collaboration without central authorities and middle men." The proposition ultimately makes things "more efficient in unexpected ways." For example, "a 1% transaction fee may not seem like much, but down a 15-step supply chain, it adds up. [...] The decentralization that blockchain provides would change that, which could have huge possible impacts for economies in the developing world," writes Gupta.
Businesses

Google's Compute Engine Now Offers Machines With Up To 64 CPU Cores, 416GB of RAM (techcrunch.com) 74

An anonymous reader shares a TechCrunch report: Google is doubling the maximum number of CPU cores developers can use with a single virtual machine on its Compute Engine service from 32 to 64. These high-power machines are now available in beta across all of Google's standard configurations and as custom machine types, which allow you to select exactly how many cores and memory you want. If you opt to use 64 cores in Google's range of high-memory machine types, you'll also get access to 416GB of RAM. That's also twice as much memory as Compute Engine previously offered for a single machine and enough for running most memory-intensive applications, including high-end in-memory databases. Running your apps on this high-memory machine will set you back $3.7888 per hour (though you do get all of Google's usual sustained-use discounts if you run it for longer, too).
Google

Google Can Now Recognize Objects in Videos Using Machine Learning (theverge.com) 47

Google has found a new way to allow software to parse video. On Wednesday, the company announced "Video Intelligence API", which is able to identify objects in a video. From a report: By playing a short commercial, the API was able to identify the dachshund in the video, when it appeared in the video, and then understand that the whole thing was a commercial. In another demo, we saw a simple search for "beach" and was able to find videos which had scenes from beaches in them, complete with timestamps. That's similar to how Google Photos lets you search for "sunset" and pull up your best late-day snapshots. Before now, computers couldn't really understand the content of a video directly without manual tagging. "We are beginning to shine light on the dark matter of the digital universe," Fei-Fei Li, chief scientist of artificial intelligence and machine learning at Google Cloud, said. At least in Google's demo, it was genuinely impressive. And Google is making the API available to developers, just as it has with its other machine learning APIs.
Apple

Apple Begins Rejecting Apps With 'Hot Code Push' Feature (apple.com) 149

Apple has long permitted "hot code push", a feature that allows developers to continuously deploy changes to their mobile apps and have those changes reflect in their apps instantly. This allowed developers to make quick changes to their apps without having to resubmit the new iteration and get approval from the Apple Store review team. But that's changing now. In response to a developer's query, Apple confirmed that it no longer permits "hot code push." The company told the developer: Your app, extension, and/or linked framework appears to contain code designed explicitly with the capability to change your app's behavior or functionality after App Review approval, which is not in compliance with section 3.3.2 of the Apple Developer Program License Agreement and App Store Review Guideline 2.5.2. This code, combined with a remote resource, can facilitate significant changes to your app's behavior compared to when it was initially reviewed for the App Store. While you may not be using this functionality currently, it has the potential to load private frameworks, private methods, and enable future feature changes.
Firefox

Developer Proclaims Death of Cyberfox Web Browser (ghacks.net) 52

In a forum entitled "Cyberfox and its future direction," the lead developer of Cyberfox proclaimed the death of their web browser. The lead developer, Toady, writes: "Over the years the Cyberfox project has grown immensely and its thanks to all the amazing support of our users and has been an amazing couple of years this however has demanded far more of my time causing me to drop allot of projects and passions id like to pursue, the time factor this project has demanded has also take a toll lifestyle wise as have the changes made by Mozilla requiring more and more time to maintain so its come to a point where i recently had to assess the direction of this project and the direction i wish to head for the future. This has being no easy choice and the last few months allot of thinking about the direction of this project has taken place." He continues, "This project has been amazing no one could ask for a better project or community sadly as much as i love this project my heart is no longer fully in it, dreams of pursuing game development were pushed aside and lifestyle steadily declined ultimately slowly coming to this point where changes and choices have to be made ones that will affect this project and the future of what i have spent all these years building." Ghacks Technology News reports: The death of Cyberfox, or more precisely, the announcement of end of life for the web browser may come as a shock to users who run it. It should not be too much of a surprise though for users who keep an eye on the browser world and especially Mozilla and Firefox. Mozilla announced major changes to Firefox, some of which landed already, some are in process, and others are announced for 2017. [Some of the critical changes:] Multi-process Firefox is almost done, plugins are out except for Flash and Firefox ESR, Windows XP and Vista users are switched to Firefox ESR so that the operating systems are supported for eight additional releases, and WebExtensions will replace all other add-on systems of the browser. That's a lot of change, especially for projects that are maintained by a small but dedicated group of developers such as Cyberfox. The author of Cyberfox made the decision to switch the browser's release channel to Firefox 52.0 ESR. This means that Cyberfox will be supported with security updates for the next eight release cycles, but new features that Mozilla introduces in Firefox Stable won't find their way into the browser anymore. UPDATE 3/07/17: We have updated the headline to clarify that Cyberfox, specifically, is the browser that will be coming to an end. We have also added an excerpt from the developer's post. Toady clarified at the end of his post: "The largest factor was lifestyle a nicer way of saying health issues without making it to personalized."
Microsoft

Microsoft Releases Visual Studio 2017 (visualstudio.com) 195

Reader Anon E. Muss writes: Microsoft on Tuesday released Visual Studio 2017. The latest version of the venerable Integrated Development Environment supports a variety of languages (C/C++, C#, VB.net, F#, Javascript/Typescript, Python, etc.) and targets classic "Win32" desktop, Universal Windows Platform (UWP, also known as "Metro"), .NET, ASP, node.js, etc.). A "Community Edition" is available at no cost for individual developers and those working on open source software. "Professional" and "Enterprise" editions are available for corporate developers, at prices sure to shock whoever has to sign the check.
Medicine

Researchers Suggest Using Blockchain For Electronic Health Records (hbr.org) 70

The CIO at a Boston teaching hospital and two MIT researchers write in the Harvard Business Review that blockchain "has the potential to enable secure lifetime medical record sharing across providers," calling it "a different construct, providing a universal set of tools for cryptographic assurance of data integrity, standardized auditing, and formalized 'contracts' for data access." An anonymous reader quotes their report: A vexing problem facing health care systems throughout the world is how to share more medical data with more stakeholders for more purposes, all while ensuring data integrity and protecting patient privacy... Today humans manually attempt to reconcile medical data among clinics, hospitals, labs, pharmacies, and insurance companies. It does not work well because there is no single list of all the places data can be found or the order in which it was entered...

Imagine that every electronic health record (EHR) sent updates about medications, problems, and allergy lists to an open-source, community-wide trusted ledger, so additions and subtractions to the medical record were well understood and auditable across organizations. Instead of just displaying data from a single database, the EHR could display data from every database referenced in the ledger. The end result would be perfectly reconciled community-wide information about you, with guaranteed integrity from the point of data generation to the point of use, without manual human intervention.

Crime

Local Police Departments Are Building Their Own DNA Databases (ap.org) 50

Slashdot reader schwit1 quotes the Associated Press: Dozens of police departments around the U.S. are amassing their own DNA databases to track criminals, a move critics say is a way around regulations governing state and national databases that restrict who can provide genetic samples and how long that information is held. The local agencies create the rules for their databases, in some cases allowing samples to be taken from children or from people never arrested for a crime. Police chiefs say having their own collections helps them solve cases faster because they can avoid the backlogs that plague state and federal repositories...

Frederick Harran, the public safety director in Bensalem Township, Pennsylvania...said he knows of about 60 departments using local databases... "The local databases have very, very little regulations and very few limits, and the law just hasn't caught up to them," said Jason Kreig, a law professor at the University of Arizona who has studied the issue.

One ACLU attorney cites a case where local police officers in California took DNA samples from children without even obtaining a court order first.
Programming

Douglas Crockford Envisions A Post-JavaScript World (infoworld.com) 300

JavaScript developer (and JSON proponent) Douglas Crockford recently described "a theoretical post-JavaScript World," according to InfoWorld. Crockford "believes the web development staple needs a successor that can fix multiple programming nuances." An anonymous reader summarizes their report: Despite its status as the world's most popular language, Crockford told an audience at the Oracle Code conference, "It would be sad if JavaScript turns out to be the last language." He complained that JavaScript has two different ways of declaring variables -- let and var -- as well as two different "bottom variables" with no value -- both null and undefined. "There's an argument among language designers, should we have bottom values at all? But there's nobody who thinks you should have two of them."

According to InfoWorld, Crockford "also presented a scenario with JavaScript being turned into a purely functional programming language by getting rid of 'impurities' like date, the delete operation, math.random and object.assign. Afterward, he stressed replacing JavaScript rather than adding functional capabilities to it... The next language also should be better able to deal with multiple cores. Most languages have followed the sequential model of Fortran, executing one operation after another, he said. 'That's not how the world works anymore. We now have lots of cores available to us, which all want to be running at the same time.'"

In other news, Crockford also proposed ending the "spaces vs. tabs" debate by simply eliminating tabs altogether.
Iphone

An 81-Year-Old Woman Just Created Her Own iPhone App (cnn.com) 60

After 43 years working in one of Japan's leading banks, 81-year-old Masako Wakamiya has launched an iPhone app called "Hinadan" that shows users how to stage traditional dolls for the Hinamatsuri festival. From a report on CNN Money: She says she felt compelled to do something after noticing a shortage of fun apps aimed at people her age. "We easily lose games when playing against young people, since our finger movements can't match their speed," Wakamiya told CNN. The retired banker asked a bunch of people to create games for seniors, but no one was interested. So she took matters into her own hands and achieved something many people half her age haven't done. "I wanted to create a fun app to get elderly people interested in smartphones," she said. "It took about half a year to develop." Wakamiya started using computers at age 60 when she was caring for her elderly mother and finding it difficult to get out and socialize with friends.
Software

Software Engineer Detained At JFK, Given Test To Prove He's An Engineer (mashable.com) 553

New submitter mendred quotes a report from Mashable: Celestine Omin, a software engineer at Andela -- a tech startup that connects developers in Africa with U.S employers -- had a particularly unwelcoming reception when he deplaned at John F. Kennedy Airport and was given a test to prove he was actually a software engineer. A LinkedIn post detailing Omin's challenging experience explained that upon landing in New York after spending 24 miserable hours on a Qatar Airways flight, he was given some trouble about the short-term visa he obtained for his trip. According to the post, an unprepared and exhausted Omin waited in the airport for approximately 20 minutes before being questioned by a Customs and Border Protection officer about his occupation. After several questions were asked, he was reportedly brought to a small room and told to sit down, where he was left for another hour before another customs officer entered and resumed grilling him. Omin was instructed to answer the following questions: "Write a function to check if a Binary Search Tree is balanced," and "What is an abstract class, and why do you need it."
Businesses

Programmers Are Confessing Their Coding Sins To Protest a Broken Job Interview Process (theoutline.com) 1001

A number of programmers have taken it Twitter to bring it to everyone's, but particularly recruiter's, attention about the grueling interview process in their field that relies heavily on technical questions. David Heinemeier Hansson, a well-known programmer and the creator of the popular Ruby on Rails coding framework, started it when he tweeted, "Hello, my name is David. I would fail to write bubble sort on a whiteboard. I look code up on the internet all the time. I don't do riddles." Another coder added, "Hello, my name is Tim. I'm a lead at Google with over 30 years coding experience and I need to look up how to get length of a python string." Another coder chimed in, "Hello my name is Mike, I'm a GDE and lead at NY Times, I don't know what np complete means. Should I?" A feature story on The Outline adds: This interview style, widely used by major tech companies including Google and Amazon, typically pits candidates against a whiteboard without access to reference material -- a scenario working programmers say is demoralizing and an unrealistic test of actual ability. People spend weeks preparing for this process, afraid that the interviewer will quiz them on the one obscure algorithm they haven't studied. "A cottage industry has emerged that reminds us uncomfortably of SAT prep," Karla Monterroso, VP of programs for Code2040, an organization for black and Latino techies, wrote in a critique of the whiteboard interview. [...] This means companies tend to favor recent computer science grads from top-tier schools who have had time to cram; in other words, it doesn't help diversify the field with women, older people, and people of color.
Security

Severe SQL Injection Flaw Discovered In WordPress Plugin With Over 1 Million Installs (bleepingcomputer.com) 61

According to BleepingComputer, "A WordPress plugin installed on over one million sites has just fixed a severe SQL injection vulnerability that can allow attackers to steal data from a website's database." The plugin's name is NextGEN Gallery, which has its own set of plugins due to how successful it is. From the report: According to web security firm Sucuri, who discovered the NextGEN Gallery security issues, the first attack scenario can happen if a WordPress site owner activates the NextGEN Basic TagCloud Gallery option on his site. This feature allows site owners to display image galleries that users can navigate via tags. Clicking one of these tags alters the site's URL as the user navigates through photos. Sucuri says that an attack can modify link parameters and insert SQL queries that will be executed by the plugin when the attacker loads the malformed URL. This happens due to improper input sanitization in the URL parameters, a common problem with many WordPress and non-WordPress web applications. The second exploitation scenario can happen if website owners open their site for blog post submissions. Because attackers can create accounts on the site and submit a blog post/article for review, they can also insert malformed NextGEN Gallery shortcodes. Sucuri says the plugin's authors fixed this flaw in NextGEN Gallery 2.1.79.
Databases

CloudPets IoT Toys Leaked and Ransomed, Exposing Kids' Voice Messages (androidpolice.com) 64

"According to security researcher Troy Hunt, a series of web-connected, app-enabled toys called CloudPets have been hacked," reports Android Police. "The manufacturer's central database was reportedly compromised over several months after stunningly poor security, despite the attempts of many researchers and journalists to inform the manufacturer of the potential danger. Several ransom notes were left, demanding Bitcoin payments for the implied deletion of stolen data." From the report: CloudPets allow parents to record a message for their children on their phones, which then arrives on the Bluetooth connected stuffed toy and is played back. Kids can squeeze the stuffed animal's paw to record a message of their own, which is sent back to the phone app. The Android app has been downloaded over 100,000 times, though user reviews are poor, citing a difficult interface, frequent bugs, and annoying advertising. Hunt and the researchers he collaborated with found that the central database for CloudPets' voice messages and user info was stored on a public-facing MongoDB server, with only basic hashes protecting user addresses and passwords. The same database apparently connected to the stored voice messages that could be retrieved by the apps and toys. Easy access and poor password requirements may have resulted in unauthorized access to a large number of accounts. The database was finally removed from the publicly accessible server in January, but not before demands for ransom were left.
Open Source

GitHub Invites Contributions To 'Open Source Guides' (infoq.com) 54

An anonymous reader quotes InfoQ: GitHub has recently launched its Open Source Guides, a collection of resources addressing the most common scenarios and best practices for both contributors and maintainers of open source projects. The guides themselves are open source and GitHub is actively inviting developers to participate and share their stories... "Open source is complicated, especially for newcomers. Experienced contributors have learned many lessons about the best way to use, contribute to, and produce open source software. Everyone shouldn't have to learn those lessons the hard way."

Making a successful first contribution is not the exclusive focus of the guides, though, which also strives to make it easier to find users for a project, starting a new project, and building healthy open source communities. Other topics the guides dwell on are best practices, getting financial support, metrics, and legal matters.

GitHub's Head of Open Source says the guides create "the equivalent of a water cooler for the community."
Security

Java and Python FTP Attacks Can Punch Holes Through Firewalls (csoonline.com) 18

"The Java and Python runtimes fail to properly validate FTP URLs, which can potentially allow attackers to punch holes through firewalls to access local networks," reports CSO Online. itwbennett writes: Last weekend security researcher Alexander Klink disclosed an interesting attack where exploiting an XML External Entity vulnerability in a Java application can be used to send emails. At the same time, he showed that this type of vulnerability can be used to trick the Java runtime to initiate FTP connections to remote servers. After seeing Klink's exploit, Timothy Morgan, a researcher with Blindspot Security, decided to disclose a similar attack that works against both Java's and Python's FTP implementations. "But his attack is more serious because it can be used to punch holes through firewalls," writes Lucian Constantin in CSO Online.
"The Java and Python developers have been notified of this problem, but until they fix their FTP client implementations, the researcher advises firewall vendors to disable classic mode FTP translation by default..." reports CSO Online. "It turns out that the built-in implementation of the FTP client in Java doesn't filter out special carriage return and line feed characters from URLs and actually interprets them. By inserting such characters in the user or password portions of an FTP URL, the Java FTP client can be tricked to execute rogue commands..."
Education

Arizona Bill Would Make Students In Grades 4-12 Participate Once In An Hour of Code (azpbs.org) 142

theodp writes: Christopher Silavong of Cronkite News reports: "A bill, introduced by [Arizona State] Sen. John Kavanagh [R-Fountain Hills] would mandate that public and charter schools provide one hour of coding instruction once between grades 4 to 12. Kavanagh said it's critical for students to learn the language -- even if it's only one session -- so they can better compete for jobs in today's world. However, some legislators don't believe a state mandate is the right approach. Senate Bill 1136 has passed the Senate, and it's headed to the House of Representatives. Kavanagh said he was skeptical about coding and its role in the future. But he changed his mind after learning that major technology companies were having trouble finding domestic coders and talking with his son, who works at a tech company." According to the Bill, the instruction can "be offered by either a nationally recognized nonprofit organization [an accompanying Fact Sheet mentions tech-backed Code.org] that is devoted to expanding access to computer science or by an entity with expertise in providing instruction to pupils on interactive computer instruction that is aligned to the academic standards."
Government

Security Lapse Exposed New York Airport's Critical Servers For a Year (zdnet.com) 45

An anonymous reader quotes a report from ZDNet: A security lapse at a New York international airport left its server backups exposed on the open internet for almost a year, ZDNet has found. The internet-connected storage drive contained several backup images of servers used by Stewart International Airport, but neither the backup drive nor the disk images were password protected, allowing anyone to access their contents. Since April last year, the airport had been inadvertently leaking its own highly-sensitive files as a result of the drive's misconfiguration. Vickery, who also posted an analysis of his findings, said the drive "was, in essence, acting as a public web server" because the airport was backing up unprotected copies of its systems to a Buffalo-branded drive, installed by a contract third-party IT specialist. When contacted Thursday, the contractor dismissed the claims and would not comment further. Though the listing still appears on Shodan, the search engine for unprotected devices and databases, the drive has since been secured. The files contained eleven disk images, accounting for hundreds of gigabytes of files and folders, which when mounted included dozens of airport staff email accounts, sensitive human resources files, interoffice memos, payroll data, and what appears to be a large financial tracking database. Many of the files we reviewed include "confidential" internal airport documents, which contain schematics and details of other core infrastructure.
Bug

Cloudflare Leaks Sensitive User Data Across the Web (theregister.co.uk) 87

ShaunC writes: In a bug that's been christened "Cloudbleed," Cloudflare disclosed today that some of their products accidentally exposed private user information from a number of websites. Similar to 2014's Heartbleed, Cloudflare's problem involved a buffer overrun that allowed uninitialized memory contents to leak into normal web traffic. Tavis Ormandy, of Google's Project Zero, discovered the flaw last week. Affected sites include Uber, Fitbit, and OK Cupid, as well as unnamed services for hotel booking and password management. Cloudflare says the bug has been fixed, and Google has purged affected pages from its search index and cache. Further reading: The Register, Ars Technica
AI

Microsoft Research Developing An AI To Put Coders Out of a Job (mspoweruser.com) 338

jmcbain writes: Are you a software programmer who voted in a recent Slashdot poll that a robot/AI would never take your job? Unfortunately, you're wrong. Microsoft, in collaboration with the University of Cambridge, is developing such an AI. This software "can turn your descriptions into working code in seconds," reports MSPoweruser. "Called DeepCoder, the software can take requirements by the developer, search through a massive database of code snippets and deliver working code in seconds, a significant advance in the state of the art in program synthesis." New Scientist describes program synthesis as "creating new programs by piecing together lines of code taken from existing software -- just like a programmer might. Given a list of inputs and outputs for each code fragment, DeepCoder learned which pieces of code were needed to achieve the desired result overall." The original research paper can be read here.

Slashdot Top Deals